STIGQter: STIG Summary: Web Server Security Requirements Guide, Version: 2, Release: 3, Benchmark Date: 26 Apr 2019

The web server must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data.

DISA Rule

SV-54322r3_rule

Vulnerability Number

V-41745

Group Title

SRG-APP-000179-WSR-000110

Rule Version

SRG-APP-000179-WSR-000110

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the web server to utilize FIPS 140-2 approved encryption modules when the web server is storing data.

Check Contents

Review web server documentation and deployed configuration to determine whether the encryption modules utilized for storage of data are FIPS 140-2 compliant.

Reference the following NIST site to identify validated encryption modules:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

If the encryption modules used for storage of data are not FIPS 140-2 validated, this is a finding.

Documentable

False

Severity Override Guidance

Review web server documentation and deployed configuration to determine whether the encryption modules utilized for storage of data are FIPS 140-2 compliant.

Reference the following NIST site to identify validated encryption modules:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

If the encryption modules used for storage of data are not FIPS 140-2 validated, this is a finding.

Check Content Reference

M

Target Key

2557

Comments