Skip to content

The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.

An XCCDF Rule

Description

<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. If the application resides on a National Security System (NSS) it must not use a hashing algorithm weaker than SHA-384.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-222571r879885_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the application to use a FIPS-validated hashing algorithm when creating a cryptographic hash.