STIGQter: STIG Summary: Video Services Policy STIG, Version: 1, Release: 11, Benchmark Date: 24 Apr 2020

The VTU must use a FIPS 140-2 validated encryption module.

DISA Rule

SV-18858r2_rule

Vulnerability Number

V-17684

Group Title

RTS-VTC 1230

Rule Version

RTS-VTC 1230.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Purchase and install only those VTUs and MCUs that employ encryption modules that are validated to FIPS 140-2 standards. Upgrade or replace non-compliant devices.

Note: Updating firmware or software to provide desired functionality is preferred. A vendor may provide security updates and patches that offer additional functions. In many cases, the IA Vulnerability Management (IAVM) system mandates updating software to reduce risk to DoD networks.

Check Contents

Interview the ISSO to validate compliance with the following requirement:

Ensure VTUs under his/her control employ encryption module(s) validated to FIPS 140-2.

Determine whether the various VTUs with which the system under review is expected to communicate support and use FIPS 140-2 validated encryption modules, and whether they are operated in FIPS mode. Have the ISSO or SA demonstrate and verify that the VTU is using FIPS 140-2 encryption in FIPS mode. Review documentation from the vendor designating the encryption modules in use and verify that they are listed on the NIST CMVP validated modules web site (http://csrc.nist.gov/groups/STM/cmvp/validation.html). If the VTU does not use a FIPS 140-2 validated encryption module, this is a finding.

Documentable

False

Severity Override Guidance

Interview the ISSO to validate compliance with the following requirement:

Ensure VTUs under his/her control employ encryption module(s) validated to FIPS 140-2.

Determine whether the various VTUs with which the system under review is expected to communicate support and use FIPS 140-2 validated encryption modules, and whether they are operated in FIPS mode. Have the ISSO or SA demonstrate and verify that the VTU is using FIPS 140-2 encryption in FIPS mode. Review documentation from the vendor designating the encryption modules in use and verify that they are listed on the NIST CMVP validated modules web site (http://csrc.nist.gov/groups/STM/cmvp/validation.html). If the VTU does not use a FIPS 140-2 validated encryption module, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1418
