Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Sensitive data transmitted between interconnected organizations must be encrypted using an approved mechanism for the classification level of the data transmitted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-39666 | ENTD0270 | SV-51533r1_rule | ECCT-1 ECCT-2 ECIC-1 | Medium |
| Description |
|---|
| The use of encryption at the appropriate level to secure the confidentiality and integrity of sensitive information is imperative to ensure a data breach does not occur when transiting a transport network. If the information shared between interconnecting sites is marked for anything other than public release or is need to know, then it must use encryption correlating with the classification of the data in transit. Unclassified/FOUO will need to use a FIPS 140-2 validated cryptographic module. Classified traffic needs to use an NSA approved encryption standard. |
| STIG | Date |
|---|---|
| Test and Development Zone C Security Technical Implementation Guide | 2018-09-17 |
Details
| Check Text ( C-46821r1_chk ) |
|---|
| Determine whether the proper encryption standard is deployed for the classification of information being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA approved encryption standard. If the proper encryption standard is not in use for sharing information between interconnected sites, this is a finding. |
| Fix Text (F-44674r1_fix) |
|---|
| Implement an approved encryption mechanism for the classification of data being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA approved encryption standard. |