Dragos must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of application configuration files and user-generated data stored or aggregated on the device.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-270978 | DRAG-OT-001010 | SV-270978r1057577_rule | | Medium |
Description |
Confidentiality and integrity protections are intended to address the confidentiality and integrity of system information at rest (e.g., network device rule sets) when it is located on a storage device within the network device or as a component of the network device. This protection is required to prevent unauthorized alteration, corruption, or disclosure of information when not stored directly on the network device. This requirement addresses protection of user-generated data as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information. |
STIG | Date |
Dragos Platform 2.x Security Technical Implementation Guide | 2024-12-23 |
Details
Check Text (C-75021r1057575_chk) |
If using Dragos hardware, this check is Not Applicable.

In a virtual environment, check for FIPS-validated encryption:

Check the documentation of the virtual environment being used (e.g., virtual machine software or cloud service provider documentation) to find out if it uses FIPS compliance or FIPS-validated encryption support.

Check for configuration settings related to encryption algorithms and cryptographic modules in the virtual environment. Some platforms allow users to enable FIPS mode.

Perform testing to ensure that only FIPS-approved cryptographic algorithms are being used within the virtual environment. This would involve testing encryption and decryption processes to confirm compliance with FIPS standards.

If the virtual environment is not using FIPS-validated encryption or is not using FIPS compliance, this is a finding. |
Fix Text (F-74922r1057576_fix) |
If using Dragos hardware, this check is Not Applicable.

Configuring FIPS compliance in a virtual environment involves enabling settings or options that enforce the use of only FIPS-approved cryptographic algorithms and modules. The exact steps may vary depending on the virtualization platform being used (e.g., VMware, Hyper-V, VirtualBox) or the cloud service provider being used (e.g., AWS, Azure).

Here is a general guide on how to configure FIPS compliance in a virtual environment:

Review Documentation: Start by reviewing the documentation provided by the virtualization platform or cloud service provider. Check for information on FIPS compliance and how to enable it within the environment.

Enable FIPS Mode: Many virtualization platforms offer an option to enable FIPS mode. Depending on the platform, this option may be found in the settings or configuration menu.

Update Software: Ensure the virtualization software and any guest operating systems are up to date. Some updates may include patches or changes related to FIPS compliance.

Configure Security Policies: Check if there are specific security policies or configurations related to FIPS compliance that need to be set within the virtual environment. This could include policies related to encryption, authentication, or other security-related settings.

Test Configuration: After enabling FIPS mode and configuring any necessary settings, perform testing to ensure that only FIPS-approved cryptographic algorithms are being used within the virtual environment. Test various cryptographic operations to verify compliance. |