STIGQter: STIG Summary: Test and Development Zone C Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Sensitive data transmitted between interconnected organizations must be encrypted using an approved mechanism for the classification level of the data transmitted.

DISA Rule

SV-51533r1_rule

Vulnerability Number

V-39666

Group Title

ENTD0270 - Sensitive data sent between organizations not encrypted.

Rule Version

ENTD0270

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement an approved encryption mechanism for the classification of data being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA approved encryption standard.

Check Contents

Determine whether the proper encryption standard is deployed for the classification of information being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA approved encryption standard. If the proper encryption standard is not in use for sharing information between interconnected sites, this is a finding.

Vulnerability Number

V-39666

Documentable

False

Rule Version

ENTD0270

Severity Override Guidance

Determine whether the proper encryption standard is deployed for the classification of information being shared between interconnected organizations. Unclassified/FOUO or any need-to-know data will need to use a FIPS 140-2 validated cryptographic module. Classified traffic must use an NSA approved encryption standard. If the proper encryption standard is not in use for sharing information between interconnected sites, this is a finding.

Check Content Reference

M

Target Key

1133

Comments