Skip to content

Application servers must use NIST-approved or NSA-approved key management technology and processes.

An XCCDF Rule

Description

<VulnDiscussion>An asymmetric encryption key must be protected during transmission. The public portion of an asymmetric key pair can be freely distributed without fear of compromise, and the private portion of the key must be protected. The application server will provide software libraries that applications can programmatically utilize to encrypt and decrypt information. These application server libraries must use NIST-approved or NSA-approved key management technology and processes when producing, controlling, or distributing symmetric and asymmetric keys.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-204831r879885_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the application server to utilize NIST-approved or NSA-approved key management technology when the application server produces, controls, and distributes symmetric and asymmetric cryptographic keys.