UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Redis Enterprise DBMS must recognize only system-generated session identifiers.


Overview

Finding ID Version Rule ID IA Controls Severity
V-251237 RD6X-00-010300 SV-251237r804901_rule Medium
Description
This requirement focuses on communications protection for the DBMS session rather than for the network packet. The intent of this control is to establish grounds for confidence at each end of a communications session in the ongoing identity of the other party and in the validity of the information being transmitted. Redis Enterprise Software (RS) uses self-signed certificates out-of-the-box to make sure that sessions are secure by default. When using the default self-signed certificates, an untrusted connection notification is shown in the web UI. Depending on the browser used, the user can allow the connection for each session or add an exception to make the site trusted in future sessions.
STIG Date
Redis Enterprise 6.x Security Technical Implementation Guide 2022-09-19

Details

Check Text ( C-54672r804899_chk )
By default, each cluster node has a different set of self-signed certificates. These certificates can be replaced with a DoD-acceptable certificate, preferably a certificate issued by an intermediate certificate authority (CA).

For security reasons, Redis Enterprise only supports the TLS protocol. Therefore, verify that the Redis client or secured tunnel solution is TLS v1.2 or above.

Run the following commands and verify that certificates are present:
# cd /etc/opt/redislabs
# ls

Verify the proxy_cert.pem file is present.

If no certificates are present, this is a finding.
Fix Text (F-54626r804900_fix)
To configure TLS and configure only organizationally defined CA-signed certificates, refer to the following document:
https://docs.redislabs.com/latest/rs/administering/cluster-operations/updating-certificates/