
ECCR-1 Encryption for Confidentiality (Data at Rest)


Overview

If required by the information owner, NIST-certified cryptography is used to encrypt stored sensitive information.

MAC / CONF: SENSITIVE
Impact: Low
Subject Area: Enclave Computing Environment

Details

Threat
Without proper cryptography, the confidentiality, integrity, and availability of sensitive information are at risk. This implementation guide is intended to help information owners implement proper cryptography to protect sensitive information stored within the enclave.

Guidance
1. The information owner shall determine whether sensitive information stored needs to be protected using encryption.
2. The system engineering team (e.g., project manager, system engineers, and IA personnel) shall perform the following:
  a. Identify a list of NIST-certified cryptographic algorithms and keys (e.g., 3DES, AES) that can encrypt stored sensitive information.
  b. Research vendor products that have been certified based on NIST-certified cryptography.
  c. Perform an analysis of the advantages and disadvantages of individual products based on the system’s operational requirements and available funding.
  d. Select the product that is most suitable to the system’s environment for encrypting sensitive information.
  e. Install and test the encryption capability in a lab environment.
  f. Implement the product into the system in the operational environment.

References

  • FIPS 197, Advanced Encryption Standard, 26 November 2001
  • FIPS 140-2, Security Requirements for Cryptographic Modules, 25 May 2001
  • NIST SP 800-21, Guideline for Implementing Cryptography in the Federal Government, November 1999
  • NIST SP 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, May 2004
  • NIST SP 800-36, Guide to Selecting Information Security Products, October 2003