Rule ID
SV-284535r1244943_rule
Version
V1R1
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoW data may be compromised. This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instead of HTTP. If unsecured protocols (lacking cryptographic mechanisms) are used for sessions, the contents of those sessions will be susceptible to eavesdropping, potentially putting sensitive data (including administrator passwords) at risk of compromise and potentially allowing hijacking of maintenance sessions. Satisfies: SRG-APP-000412-NDM-000331, SRG-APP-000142-NDM-000245, SRG-APP-000156-NDM-000250, SRG-APP-000179-NDM-000265, SRG-APP-000224-NDM-000270, SRG-APP-000435-NDM-000315, SRG-APP-000516-NDM-000317
1. In the Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options. 2. Verify the "Turn on JITC mode" checkbox is not checked. 3. Verify the "Turn on NDcPP mode" checkbox is not checked. 4. Verify the "Turn on FIPS mode" checkbox is not checked. If JITC and NDcPP compliance modes are not configured, this is a finding.
1. In the Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options. 2. Under the DoW Certification option, enable "Turn on JITC mode" to enable the JITC mode security features. 3. Under SSL NDcPP Mode Option, enable "Turn on NDcPP mode" to enable the NDcPP mode security features. 4. Under SSL FIPS Mode Option, check enable "Turn on FIPS mode" to enable the FIPS mode security features. 5. Click "Save changes" and confirm after the web UI asks for SSL cipher configuration changes.