STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

Application servers must use NIST-approved or NSA-approved key management technology and processes.

DISA Rule

SV-204831r508029_rule

Vulnerability Number

V-204831

Group Title

SRG-APP-000514

Rule Version

SRG-APP-000514-AS-000136

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Configure the application server to utilize NIST-approved or NSA-approved key management technology when the application server produces, controls, and distributes symmetric and asymmetric cryptographic keys.

Check Contents

Review application server configuration and the NIST FIPS certificate to validate the application server uses NIST-approved or NSA-approved key management technology and processes when producing, controlling or distributing symmetric and asymmetric keys.

If the application server does not use this NIST-approved or NSA-approved key management technology and processes, this is a finding.

Vulnerability Number

V-204831

Documentable

False

Rule Version

SRG-APP-000514-AS-000136

Severity Override Guidance

Review application server configuration and the NIST FIPS certificate to validate the application server uses NIST-approved or NSA-approved key management technology and processes when producing, controlling or distributing symmetric and asymmetric keys.

If the application server does not use this NIST-approved or NSA-approved key management technology and processes, this is a finding.

Check Content Reference

M

Target Key

2900

Comments