Description:

Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; and the National Security Agency Cryptographic Standards.


Priority: High 


Category: Network Security 


Services Associated with AWS: 

  • AWS Key Management Service (KMS), AWS Certificate Manager, AWS VPN, AWS Direct Connect


Objective Evidence: 

  • Administrative: documented policies, standards & procedures 
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations 
  • Technical: screenshot of firewall/VPN settings


Possible Technology Considerations: 

  • VPN Concentrator Secure Baseline Configurations (SBC) 


What needs to be answered:

Do applications that are used for remote access use encryption methods to protect the remote access sessions? (Must use FIPS 140-validated encryption)


  • Ensure Cryptographic Protection of Remote Access Sessions
    Description: This check verifies that cryptographic mechanisms are used to maintain the confidentiality of remote access sessions. Cryptographic standards should include FIPS-validated cryptography and NSA-approved cryptography.


More details: Remote access sessions use FIPS-validated encryption for connections to CUI-containing systems.