STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

AAA Services must be configured to encrypt transmitted credentials using a FIPS-validated cryptographic module.

DISA Rule

SV-95625r1_rule

Vulnerability Number

V-80915

Group Title

SRG-APP-000172-AAA-000520

Rule Version

SRG-APP-000172-AAA-000520

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure AAA Services to encrypt transmitted credentials using a FIPS-validated cryptographic module.

Check Contents

Where passwords are used, verify AAA Services are configured to encrypt transmitted credentials using a FIPS-validated cryptographic module. AAA Services may leverage the capability of an operating system or purpose-built module for this purpose.

If AAA Services are not configured to encrypt transmitted credentials using a FIPS-validated cryptographic module, this is a finding.

Note: FIPS-validated cryptographic modules are listed on the NIST Cryptographic Module Validation Program's (CMVP) validation list.

Vulnerability Number

V-80915

Documentable

False

Rule Version

SRG-APP-000172-AAA-000520

Severity Override Guidance

Where passwords are used, verify AAA Services are configured to encrypt transmitted credentials using a FIPS-validated cryptographic module. AAA Services may leverage the capability of an operating system or purpose-built module for this purpose.

If AAA Services are not configured to encrypt transmitted credentials using a FIPS-validated cryptographic module, this is a finding.

Note: FIPS-validated cryptographic modules are listed on the NIST Cryptographic Module Validation Program's (CMVP) validation list.

Check Content Reference

M

Target Key

3357

Comments