SV-104265r1_rule
V-94311
SRG-NET-000230-ALG-000113
SYMP-AG-000490
CAT I
10
Configure the ProxySG to use only FIPS-compliant HMAC algorithms.
1. Log on to the ProxySG SSH CLI.
2. Type "enable" and enter the enable password.
3. Type "configure terminal" and press "Enter".
4. Type "management-services" and press "Enter". Type "edit HTTPS-Console" and press "Enter".
5. Type "view" to display the list of configured cipher suites.
6. Type "attribute cipher-suite" followed by a space-delimited list of only cipher suites from step 5 that use FIPS-compliant HMAC algorithms and press "Enter".
Verify that only FIPS-compliant HMAC algorithms are in use.
1. Log on to the ProxySG CLI via SSH.
2. Type "show management services".
3. Verify the "Cipher Suite" attribute lists only cipher suites that use FIPS-compliant HMAC algorithms.
If any cipher suites are listed that use non-FIPS-compliant HMAC algorithms, this is a finding.
V-94311
False
SYMP-AG-000490
Verify that only FIPS-compliant HMAC algorithms are in use.
1. Log on to the ProxySG CLI via SSH.
2. Type "show management services".
3. Verify the "Cipher Suite" attribute lists only cipher suites that use FIPS-compliant HMAC algorithms.
If any cipher suites are listed that use non-FIPS-compliant HMAC algorithms, this is a finding.
M
3515