The network element must employ NSA-approved cryptography to protect classified information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000221-RTR-NA	SRG-NET-000221-RTR-NA	SRG-NET-000221-RTR-NA_rule		Low

Description
Whether a network is being managed locally or from a Network Operations Center (NOC), achieving network management objectives depends on comprehensive and reliable network management solutions. To protect the integrity and confidentiality of nonlocal maintenance and diagnostics, all packets associated with these sessions must be encrypted. During the authentication process, malicious users can gain knowledge of passwords by sniffing local traffic between the network element and the authentication server. It is imperative the authentication process and the transmission of network management traffic implements NSA-approved cryptography. This requirement is applicable to network architecture and is not applicable to the routing function.

Description

Whether a network is being managed locally or from a Network Operations Center (NOC), achieving network management objectives depends on comprehensive and reliable network management solutions. To protect the integrity and confidentiality of nonlocal maintenance and diagnostics, all packets associated with these sessions must be encrypted. During the authentication process, malicious users can gain knowledge of passwords by sniffing local traffic between the network element and the authentication server. It is imperative the authentication process and the transmission of network management traffic implements NSA-approved cryptography. This requirement is applicable to network architecture and is not applicable to the routing function.

STIG	Date
Router Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000221-RTR-NA_chk )
This requirement is NA for router.

Fix Text (F-SRG-NET-000221-RTR-NA_fix)
This requirement is NA for router.