The ICS must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 approved algorithm.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258598	IVCS-NM-000010	SV-258598r1028331_rule		High

Description

If unsecured protocols (lacking cryptographic mechanisms) are used for sessions, the contents of those sessions will be susceptible to eavesdropping, potentially putting sensitive data (including administrator passwords) at risk of compromise and potentially allowing hijacking of maintenance sessions. When JITC mode is enabled, it also enables FIPS mode is also automatically enabled. However, this requirement focuses only on the use of FIPS validated encryption algorithms and protocols.

STIG	Date
Ivanti Connect Secure NDM Security Technical Implementation Guide	2024-09-16

Details

Check Text (C-62338r1028329_chk)

In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options. Verify "Turn on FIPS mode" checkbox is enabled (checked).

If the use of FIPS 140-2/140-3 approved algorithms is not enabled, this is a finding.

Fix Text (F-62247r1028330_fix)

Enable compliance modes to ensure only FIPS 140-2/140-3 algorithms are used. Once "Turn on JITC mode" is checked, "Turn on NDcPP mode" and "Turn on FIPS mode" are also checked automatically; however, the focus of this requirement is on enabling FIPS mode. The following procedure is the preferred DOD process.

In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
1. Under "DOD Certification Option", check (enabled) "Turn on JITC mode" to enable the JITC mode security features.
2. Click "Save changes" and confirm after the web UI asks for SSL cipher configuration changes.

STIG VIEWER