Ensure that devices to be used in FIPS-compliant applications will use FIPS-compliant functions and procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19382 | SRC-VPN-060 | SV-21299r1_rule | Low |
| Description |
|---|
| It is not enough to enable FIPS encryption. To gain the full security implied by the FIPS standard, the functions and procedures required by the FIPS 140-2 documents must also be implemented. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-23374r1_chk ) |
|---|
| Interview site representative or inspect the VPN encryption configuration on the TLS VPN appliance or server. NOTE: Prior to purchasing a TLS VPN, the site will verify the system has the capability to require HMAC-SHA-1. However, use of devices using SHA-1 hash functions is acceptable. |
| Fix Text (F-19954r1_fix) |
|---|
| Whe purchasing an TLS VPN, ensure the system has the capability to require HMAC-SHA-1. |