The system administrator will ensure in-band management access to the device is secured using FIPS 140-2 approved encryption or hash algorithms such as AES, 3DES, SSH, or TLS / SSL.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3069 | NET1638 | SV-3069r7_rule | ECSC-1 | Medium |
| Description |
|---|
| Remote administration using non-FIPS 140-2 compliant encryption is inherently dangerous because anyone with a sniffer and access to the right LAN segment can acquire the device's account and password information. With this intercepted information they could gain access to the device and cause denial of service attacks, intercept sensitive information, or perform other destructive actions. |
| STIG | Date |
|---|---|
| WMAN Bridge | 2011-10-07 |
Details
| Check Text ( C-3532r2_chk ) |
|---|
| Base Procedure: Review the Inband management interfaces and determine if the access to the device is encrypted as required. |
| Fix Text (F-3094r4_fix) |
|---|
| The SA will ensure access to network devices comply with approved FIPS 140-2. |