STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway providing encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes.

DISA Rule

SV-79799r1_rule

Vulnerability Number

V-65309

Group Title

SRG-NET-000510-ALG-000025

Rule Version

WSDP-AG-000137

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

From the DataPower command line, enter "use-fips on" to configure the network device to generate unique session identifiers using a FIPS 140-2 approved random number generator. From the web interface, use "Set Cryptographic Mode" (Administration >> Miscellaneous >> Crypto Tools, Set Cryptographic Mode tab) to set the appliance to "FIPS 140-2 Level 1" mode.

This will achieve NIST SP800-131a compliance.

Check Contents

From the web interface for DataPower device management, verify that the DataPower Gateway Cryptographic Mode is Set to FIPS 140-2 Level 1 (Status >> Crypto >> Cryptographic Mode Status).

If the Mode is not set to FIPS 140-2, this is a finding.

Vulnerability Number

V-65309

Documentable

False

Rule Version

WSDP-AG-000137

Severity Override Guidance

From the web interface for DataPower device management, verify that the DataPower Gateway Cryptographic Mode is Set to FIPS 140-2 Level 1 (Status >> Crypto >> Cryptographic Mode Status).

If the Mode is not set to FIPS 140-2, this is a finding.

Check Content Reference

M

Target Key

2859

Comments