Applications must employ FIPS-validated cryptography to protect unclassified information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35523	SRG-APP-000197-MAPP-NA	SV-46810r1_rule		Medium

Description
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Rationale for non-applicability: Per the MOS SRG, the MOS must implement FIPS 140-2 validated cryptographic modules for protection of data. To the extent the mobile application uses cryptography not offered by the MOS, FIPS requirements are covered under SRG-APP-000196.

Description

Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Rationale for non-applicability: Per the MOS SRG, the MOS must implement FIPS 140-2 validated cryptographic modules for protection of data. To the extent the mobile application uses cryptography not offered by the MOS, FIPS requirements are covered under SRG-APP-000196.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43863r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40064r1_fix)
The requirement is NA. No fix is required.