The ICS must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 approved algorithm.
An XCCDF Rule
Description
If unsecured protocols (lacking cryptographic mechanisms) are used for sessions, the contents of those sessions will be susceptible to eavesdropping, potentially putting sensitive data (including administrator passwords) at risk of compromise and potentially allowing hijacking of maintenance sessions. When JITC mode is enabled, it also enables FIPS mode is also automatically enabled. However, this requirement focuses only on the use of FIPS validated encryption algorithms and protocols.
- ID
- SV-258598r1028331_rule
- Version
- IVCS-NM-000010
- Severity
- High
- References
- Updated
Remediation Templates
A Manual Procedure
Enable compliance modes to ensure only FIPS 140-2/140-3 algorithms are used. Once "Turn on JITC mode" is checked, "Turn on NDcPP mode" and "Turn on FIPS mode" are also checked automatically; however, the focus of this requirement is on enabling FIPS mode. The following procedure is the preferred DOD process.
In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
1. Under "DOD Certification Option", check (enabled) "Turn on JITC mode" to enable the JITC mode security features.
2. Click "Save changes" and confirm after the web UI asks for SSL cipher configuration changes.