STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

V-284901

CAT II (Medium)

The Cisco SNA appliance must be configured to encrypt information at rest using a DoW-accepted algorithm to protect the confidentiality and integrity of the information.

Rule ID

SV-284901r1227145_rule

STIG

Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001199

Discussion

Data at rest is inactive data stored physically in any digital form (e.g., databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices, etc.). Data at rest includes, but is not limited to, archived data, data that is not accessed or changed frequently, files stored on hard drives, USB thumb drives, files stored on backup tape and disks, and files stored off-site or on a storage area network. While data at rest can reside in many places, data at rest for a web server is data on the hosting system storage devices. Data stored as a backup on tape or stored off-site is no longer under the protection measures covered by the web server. There are several pieces of data the web server uses during operation. The web server must use an accepted encryption method, such as AES-256, to protect the confidentiality and integrity of the information.

Check Content

Review the Cisco SNA appliance configuration to verify information at rest (i.e., backup configuration file) are encrypted.

Navigate to SNA Dashboard >> Configure >> Central Management >> (Appliance) Actions >> Edit Appliance Configuration >> General tab >> Backup Configuration Encryption.

Verify "Enable Encryption" is checked and "Password" has been set.

Note: The encryption method is automatically set to AES256-GCM for this feature.

If the information at rest (i.e., backup configuration file) is not encrypted using a DoW-accepted algorithm, this is a finding.

Fix Text

Configure the SNA appliance to encrypt information at rest by enabling the "Backup Configuration Encryption" feature. 

Navigate to SNA Dashboard >> Configure >> Central Management >> (Appliance) Actions >> Edit Appliance Configuration >> General tab >> Backup Configuration Encryption.

Check "Enable Encryption" and enter a password in the "Password" boxes.

Click "Apply Settings".

Note: The encryption method is automatically set to AES256-GCM for this feature.