The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys.

An XCCDF Rule

Description

<VulnDiscussion>Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. The dynamic token encryption key is used for encrypting authorization tokens dynamically for improved security and time-limited validity which limits the chances of a key becoming compromised. NOTE: A dynamic token encryption key can be set for an individual user or a system group. Satisfies: SRG-NET-000062-ALG-000011, SRG-NET-000400-ALG-000097</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252634r818072_rule
Severity: Medium
References: CCI-000068 CCI-000197
Updated: about 1 year ago

Configure the Aspera High-Speed Transfer Server to enable the use of dynamic token encryption keys with the following command:

$ sudo asconfigurator -x "set_node_data; token_dynamic_key,true"

Restart the IBM Aspera Node service to activate the changes.
$ sudo systemctl restart asperanoded.service

The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys.

Description

Remediation - Manual Procedure