The SSMC web server must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
An XCCDF Rule
Description
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised due to weak algorithms. FIPS 140-2 is the current standard for validating cryptographic modules and NSA Type-X (where X=1, 2, 3, 4) products are NSA-certified, hardware-based encryption modules. The web server must provide FIPS-compliant encryption modules when authenticating users and processes.
Satisfies: SRG-APP-000179-WSR-000111, SRG-APP-000014-WSR-000006, SRG-APP-000015-WSR-000014, SRG-APP-000179-WSR-000110, SRG-APP-000224-WSR-000135, SRG-APP-000224-WSR-000136, SRG-APP-000224-WSR-000139, SRG-APP-000416-WSR-000118, SRG-APP-000439-WSR-000156, SRG-APP-000441-WSR-000181, SRG-APP-000442-WSR-000182
- ID: SV-255251r961050_rule
- Version: SSMC-WS-010010
- Severity: High
- Updated
Remediation Templates
A Manual Procedure
Configure SSMC to utilize FIPS 140-2 approved mode of encryption for authenticating users by doing the following:
1. Log on to the SSMC administrator console as "ssmcadmin" and enable FIPS 140-2 mode.
   a. Navigate to Actions >> Preferences >> FIPS 140-2 Enabled setting and toggle the switch to "yes". Select "OK".