
The mobile app must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.


Overview

Finding ID: SRG-APP-000416-MAPP-000100
Version: SRG-APP-000416-MAPP-000100
Rule ID: SRG-APP-000416-MAPP-000100_rule
IA Controls:
Severity: Medium
Description
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The app must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
STIG: Mobile Application Security Requirements Guide
Date: 2014-07-22

Details

Check Text (C-SRG-APP-000416-MAPP-000100_chk)
Identify what cryptography, if any, protects classified information stored, processed, or transmitted on the device. Verify that the cryptography is NSA-approved for the protection of classified information from the documentation submitted with the app. If the app does not use cryptography to protect classified information, or does not use NSA-approved cryptography for this purpose, this is a finding.
Fix Text (F-SRG-APP-000416-MAPP-000100_fix)
Modify the mobile app code to ensure it utilizes NSA-approved and validated cryptography for modules implementing encryption approved for classified information, key exchange, digital signature, and hash.