STIGQter STIGQter: STIG Summary: SDN Controller Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Apr 2020:

The SDN controller must be configured to authenticate northbound Application Program Interface (API) messages received from business applications and management systems using a FIPS-approved message authentication code algorithm.

DISA Rule

SV-95493r1_rule

Vulnerability Number

V-80783

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-SDN-001025

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the SDN controller to authenticate received northbound API messages using a FIPS-approved message authentication code algorithm.

FIPS-approved algorithms for authentication are the CMAC and the HMAC.

AES and 3DES are NIST-approved CMAC algorithms. The following are NIST-approved HMAC algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

Check Contents

Review the SDN configuration verify that it is configured to authenticate received northbound API messages using a FIPS-approved message authentication code algorithm.

FIPS-approved algorithms for authentication are the cipher-based message authentication code (CMAC) and the keyed-hash message authentication code (HMAC). AES and 3DES are NIST-approved CMAC algorithms. The following are NIST-approved HMAC algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

If the SDN controller is not configured to authenticate northbound API messages received from business applications and management systems using a FIPS-approved message authentication code algorithm, this is a finding.

Vulnerability Number

V-80783

Documentable

False

Rule Version

SRG-NET-000512-SDN-001025

Severity Override Guidance

Review the SDN configuration verify that it is configured to authenticate received northbound API messages using a FIPS-approved message authentication code algorithm.

FIPS-approved algorithms for authentication are the cipher-based message authentication code (CMAC) and the keyed-hash message authentication code (HMAC). AES and 3DES are NIST-approved CMAC algorithms. The following are NIST-approved HMAC algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

If the SDN controller is not configured to authenticate northbound API messages received from business applications and management systems using a FIPS-approved message authentication code algorithm, this is a finding.

Check Content Reference

M

Target Key

3333

Comments