STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 1 hour ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

V-284896

CAT I (High)

The Cisco SNA appliance must use FIPS 140-3-approved algorithms for authentication to a cryptographic module.

Rule ID

SV-284896r1227141_rule

STIG

Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000803CCI-002890CCI-003123

Discussion

Unapproved mechanisms used for authentication to the cryptographic module are not validated and therefore, cannot be relied upon to provide confidentiality or integrity and DoW data may be compromised. Network devices using encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules. FIPS 140-3 is the current standard for validating that mechanisms used to access cryptographic modules use authentication that meets DoW requirements. However, authentication algorithms must configure security processes to use only FIPS-approved and NIST-recommended authentication algorithms. Satisfies: SRG-APP-000179-NDM-000265, SRG-APP-000411-NDM-000330, SRG-APP-000412-NDM-000331

Check Content

Verify the Cisco SNA appliance is configured to use FIPS 140-3-approved algorithms for authentication to a cryptographic module by restricting encryption to Compliance Mode.

Navigate to SNA Dashboard >> Configure >> Central Management >> (Appliance) Actions >> Edit Appliance Configuration >> General tab >> Compliance Mode. 

Verify "Enable FIPS Encryption Libraries" is checked at a minimum.

If the Cisco SNA Appliance does not use FIPS-validated MAC to protect the integrity of nonlocal maintenance and diagnostic communications, this is a finding.

Fix Text

Configure the network device to use FIPS-validated MAC to protect the integrity of nonlocal maintenance and diagnostic communications.

Navigate to SNA Dashboard >> Configure >> Central Management >> (Appliance) Actions >> Edit Appliance Configuration >> General tab >> Compliance Mode.

Read the warnings and ensure all prerequisites are met. Then, check the boxes and type the requested number sequence to confirm.

Select "Enable FIPS Encryption Libraries" and "Enable Common Criteria Encryption Libraries" for the most restrictive combination.

Click "Apply Settings".

Note: Review the Help Menu and configuration guides to ensure the configuration has met all prerequisites prior to enabling restricted libraries.