Skip to content

Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes.

An XCCDF Rule

Description

<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The network element must implement cryptographic modules adhering to the higher standards approved by the Federal government since this provides assurance they have been tested and validated. This requirement applies only to ALGs that provide encryption intermediary services (e.g., HTTPS, TLS, or DNSSEC).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-104259r1_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure TLS reverse proxy intermediary services to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured. 
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services. 
4. For each reverse proxy service configured, click "Edit Service" and select only NIST FIPS-validated SSL protocols. Click "Apply".