
Sensitive data transmitted between interconnected organizations must be encrypted using an approved mechanism for the classification level of the data transmitted.


Overview

Finding ID: V-39666
Version: ENTD0270
Rule ID: SV-51533r1_rule
IA Controls: ECCT-1, ECCT-2, ECIC-1
Severity: Medium
Description
Encryption at the appropriate level is imperative to protect the confidentiality and integrity of sensitive information and to ensure a data breach does not occur while that information transits a transport network. If the information shared between interconnecting sites is marked for anything other than public release, or is need-to-know, then it must use encryption correlating with the classification of the data in transit. Unclassified/FOUO will need to use a FIPS 140-2 validated cryptographic module. Classified traffic needs to use an NSA-approved encryption standard.
STIG: Test and Development Zone C Security Technical Implementation Guide
Date: 2018-09-17

Details

Check Text (C-46821r1_chk)
Determine whether the proper encryption standard is deployed for the classification of information being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA-approved encryption standard. If the proper encryption standard is not in use for sharing information between interconnected sites, this is a finding.
Fix Text (F-44674r1_fix)
Implement an approved encryption mechanism for the classification of data being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA-approved encryption standard.