Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; National Security Agency Cryptographic Standards. 

Priority: High 

Category: Network Security 

Services Associated with AWS: 

  • AWS Key Management Service (KMS), AWS Certificate Manager, AWS VPN, AWS Direct Connect

Objective Evidence: 

  • Administrative: documented policies, standards & procedures 
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations 
  • Technical: screenshot of firewall/VPN settings

Possible Technology Considerations: 

  • VPN Concentrator Secure Baseline Configurations (SBC) 

What needs to be answered:

Do the applications used for remote access employ encryption to protect remote access sessions? (Must be FIPS 140-validated encryption)

  • Ensure Cryptographic Protection of Remote Access Sessions
    Description: This check verifies that cryptographic mechanisms are used to maintain the confidentiality of remote access sessions. Cryptographic standards should include FIPS-validated cryptography and NSA-approved cryptography.

More details: Remote access sessions use FIPS-validated encryption for connections to CUI-containing systems.