Dragos must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of application configuration files and user-generated data stored or aggregated on the device.
An XCCDF Rule
Description
Confidentiality and integrity protections are intended to address the confidentiality and integrity of system information at rest (e.g., network device rule sets) when it is located on a storage device within the network device or as a component of the network device. This protection is required to prevent unauthorized alteration, corruption, or disclosure of information when not stored directly on the network device. This requirement addresses protection of user-generated data as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.
Documentable: false
- ID: SV-265644r1017803_rule
- Severity: Medium
- References
- Updated
Remediation - Manual Procedure
If using Dragos hardware, this check is Not Applicable.
Configuring FIPS compliance in a virtual environment involves enabling settings or options that enforce the use of only FIPS-approved cryptographic algorithms and modules. The exact steps may vary depending on the virtualization platform being used (e.g., VMware, Hyper-V, VirtualBox) or the cloud service provider being used (e.g., AWS, Azure). Here is a general guide on how to configure FIPS compliance in a virtual environment:
Review Documentation:
Start by reviewing the documentation provided by the virtualization platform or cloud service provider. Check for information on FIPS compliance and how to enable it within the environment.