STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 4 Release: 9 Benchmark Date: 25 Jan 2019: The application must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

DISA Rule

SV-84781r2_rule

Vulnerability Number

V-70159

Group Title

SRG-APP-000179

Rule Version

APSC-DV-001860

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use FIPS-approved cryptographic modules.

Check Contents

Review the application documentation and interview the application administrator.

Identify if the application provides access to cryptographic modules and if access is required in order to manage cryptographic modules contained within the application.

If the application does not provide authenticated access to a cryptographic module, the requirement is not applicable.

Review and identify the cryptographic module. Refer to the NIST website listing all FIPS-approved cryptographic modules.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

If the cryptographic module that requires authentication is not on the FIPS-approved module list, this is a finding.

Vulnerability Number

V-70159

Documentable

False

Rule Version

APSC-DV-001860

Severity Override Guidance

Review the application documentation and interview the application administrator.

Identify if the application provides access to cryptographic modules and if access is required in order to manage cryptographic modules contained within the application.

If the application does not provide authenticated access to a cryptographic module, the requirement is not applicable.

Review and identify the cryptographic module. Refer to the NIST website listing all FIPS-approved cryptographic modules.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

If the cryptographic module that requires authentication is not on the FIPS-approved module list, this is a finding.

Check Content Reference

M

Target Key

3009

Comments