Applications must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35525 | SRG-APP-000199-MAPP-NA | SV-46812r1_rule | Medium |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. FIPS 140-2 Security Requirements for Cryptographic Modules can be found at the following web site: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf. Although persons may have a security clearance, they may not have a "need to know" and are required to be separated from the information in question. Applications must employ FIPS validated cryptography to protect unclassified information from those individuals who have no "need to know". Rationale for non-applicability: This SRG applies to single-user applications. Therefore there is no need to separate data from other individuals. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2013-01-04 |
Details
| Check Text ( C-43865r1_chk ) |
|---|
| This requirement is NA for the MAPP SRG. |
| Fix Text (F-40066r1_fix) |
|---|
| The requirement is NA. No fix is required. |