STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG that stores secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys.

DISA Rule

SV-70457r1_rule

Vulnerability Number

V-56203

Group Title

SRG-NET-000062-ALG-000092

Rule Version

SRG-NET-000062-ALG-000092

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

For ALGs that store secret or private keys, configure the ALG settings to ensure it uses a FIPS 140-2 validated cryptographic module for generating, storing and accessing private keys.

Check Contents

If the ALG does not generate or store secret or private keys, this is not applicable.

Verify the ALG uses a FIPS 140-2 validated cryptographic module for private key generation, storage and access.

If the ALG does not use or support a FIPS 140-2 validated cryptographic module for producing, storing and accessing private key data, this is a finding.

Vulnerability Number

V-56203

Documentable

False

Rule Version

SRG-NET-000062-ALG-000092

Severity Override Guidance

If the ALG does not generate or store secret or private keys, this is not applicable.

Verify the ALG uses a FIPS 140-2 validated cryptographic module for private key generation, storage and access.

If the ALG does not use or support a FIPS 140-2 validated cryptographic module for producing, storing and accessing private key data, this is a finding.

Check Content Reference

M

Target Key

2489

Comments