STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.

DISA Rule

SV-206641r617447_rule

Vulnerability Number

V-206641

Group Title

SRG-APP-000514

Rule Version

SRG-APP-000514-DB-000383

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Implement NIST FIPS 140-2 validated cryptographic modules to provide cryptographic protection for the unclassified information that requires it.

Check Contents

If the DBMS contains, or is intended to contain, unclassified information requiring confidentiality and cryptographic protection, and does not employ NIST FIPS 140-2 validated cryptographic modules to provide this protection, this is a finding.

Vulnerability Number

V-206641

Documentable

False

Rule Version

SRG-APP-000514-DB-000383

Severity Override Guidance

If the DBMS contains, or is intended to contain, unclassified information requiring confidentiality and cryptographic protection, and does not employ NIST FIPS 140-2 validated cryptographic modules to provide this protection, this is a finding.

Check Content Reference

M

Target Key

2902

Comments