
The network device must employ FIPS-validated or NSA-approved cryptography to implement digital signatures.


Overview

Finding ID: SRG-NET-000308-NDM-000193
Version: SRG-NET-000308-NDM-000193
Rule ID: SRG-NET-000308-NDM-000193_rule
IA Controls: (blank)
Severity: Medium
Description
Use of weak or untested certificates undermines the purpose of using encryption to protect data. The most common vulnerabilities in cryptographic modules are those associated with poor implementation. FIPS 140 validation and NSA approval provide assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Similarly, NSA approval of cryptography for classified data and applications is a strict requirement.
Traffic between the network device, sensors, and/or other network devices must be protected by cryptographic mechanisms. Digital signatures must be used to validate the authenticity of information, firmware, or health checks. Digital signatures must be implemented using either of the following:
(i) a FIPS-validated (e.g., DoD PKI) cryptographic module; or
(ii) an NSA-approved cryptographic module.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text (C-SRG-NET-000308-NDM-000193_chk)
Verify that the digital signatures used by the network device to validate the authenticity of information are implemented using either of the following:
(i) a cryptographic module from the NIST Cryptographic Algorithm Validation Program (CAVP) product lists to determine if FIPS 140-validated cryptography is used (e.g., DoD PKI); or
(ii) an NSA-approved cryptographic module.

If NSA-approved or FIPS-validated cryptography is not used to implement digital signatures, this is a finding.
Fix Text (F-SRG-NET-000308-NDM-000193_fix)
Install digital signatures that comply with FIPS or NSA certificate requirements.