STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

DISA Rule

SV-77467r1_rule

Vulnerability Number

V-62977

Group Title

SRG-APP-000179-NDM-000265

Rule Version

RICX-DM-000130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to be licenses to use FIPS 140-2 cryptographic modules.

Navigate to the device CLI
Type: enable
Type: config t
Type: license install <license-string>

Type: web ssl cipher TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL

Type: write memory

Verify license installation
Type: show licenses

Type: show web ssl cipher

Check Contents

Verify that RiOS is licensed to use FIPS 140-2 cryptographic modules.

Navigate to the device CLI
Type: enable
Type: config t
Type: show licenses

Verify installation of a FIPS License

Type: show web ssl cipher
Verify that the web ssl cipher string is:
"TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL"

If a FIPS license is not present and the web ssl cipher string is not set properly, this is a finding.

Vulnerability Number

V-62977

Documentable

False

Rule Version

RICX-DM-000130

Severity Override Guidance

Verify that RiOS is licensed to use FIPS 140-2 cryptographic modules.

Navigate to the device CLI
Type: enable
Type: config t
Type: show licenses

Verify installation of a FIPS License

Type: show web ssl cipher
Verify that the web ssl cipher string is:
"TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL"

If a FIPS license is not present and the web ssl cipher string is not set properly, this is a finding.

Check Content Reference

M

Target Key

2931

Comments