Description:
Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. See [NIST CRYPTO]; [NIST CAVP]; [NIST CMVP]; National Security Agency Cryptographic Standards.
Priority: High
Category: Network Security
Services Associated with AWS:
- AWS Key Management Service (KMS), AWS Certificate Manager, AWS VPN, AWS Direct Connect
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Technical: screenshot of firewall/VPN settings showing the enabled cipher suites, key exchange and MAC algorithms, and FIPS mode status
Possible Technology Considerations:
- VPN Concentrator Secure Baseline Configurations (SBC)
What needs to be answered:
Do the applications used for remote access encrypt the remote access sessions? (The encryption must be provided by a FIPS 140-validated cryptographic module operating in its validated mode.)
- Ensure Cryptographic Protection of Remote Access Sessions
Description: This check verifies that cryptographic mechanisms are used to maintain the confidentiality of remote access sessions. Cryptographic standards should include FIPS-validated cryptography and NSA-approved cryptography. Note that "FIPS-validated" refers to the cryptographic module, not just the algorithm: the module implementing the session encryption (for example the TLS, SSH or IPsec library on the VPN concentrator or remote-access gateway) must hold a CMVP validation certificate and be operated in its validated (FIPS) mode. Using an approved algorithm such as AES from a module that has not been validated does not satisfy the requirement.
More details: Remote access sessions to systems that store, process or transmit CUI must use FIPS-validated encryption.
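As an added example (not part of this control text, and not AWS or NIST material), the following Python script performs the kind of static check an assessor would run against a remote-access secure baseline configuration: it parses an sshd_config and reports every cipher, MAC and key exchange algorithm that is outside an allow list of FIPS-approved SSH algorithms. The allow list, the two sample configurations and the function names are this example's own assumptions; each allow-list entry must be confirmed against the CAVP/CMVP certificate of the module actually in use, and the same approach applies to VPN or TLS configurations with their own allow lists.

```python
"""Audit an sshd_config for SSH algorithms outside a FIPS-approved allow list."""
import re

# Illustrative allow list (an assumption of this example, not taken from the
# control text): confirm every entry against the CAVP/CMVP certificate of the
# SSH implementation and the organization's approved-algorithm list.
FIPS_ALLOW = {
    "ciphers": {
        "aes128-ctr", "aes192-ctr", "aes256-ctr",
        "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
    },
    "macs": {
        "hmac-sha2-256", "hmac-sha2-512",
        "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
    },
    "kexalgorithms": {
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
        "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512",
        "diffie-hellman-group-exchange-sha256",
    },
}


def parse_sshd_config(text):
    """Return ({directive_lower: value}, has_match) for the global section.

    sshd uses the first occurrence of a directive, accepts 'Key value' or
    'Key=value', and treats everything after a 'Match' line as conditional.
    """
    found, has_match = {}, False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            has_match = True
            break                                 # conditional section: not audited here
        found.setdefault(key, value)              # first occurrence wins
    return found, has_match


def audit_sshd_config(text):
    """Return {directive: [findings]}; an empty dict means no issues found."""
    cfg, has_match = parse_sshd_config(text)
    findings = {}
    for directive, allowed in FIPS_ALLOW.items():
        value = cfg.get(directive)
        if value is None:
            # Absent directive: OpenSSH defaults apply, and those include
            # chacha20-poly1305@openssh.com and umac MACs, which are not
            # FIPS-approved, so "unset" is itself a finding.
            findings[directive] = ["<directive missing: OpenSSH defaults apply>"]
            continue
        if value and value[0] in "+-^":
            # '+', '-' and '^' edit the default list; the effective set depends
            # on the build's defaults and cannot be verified from the file alone.
            findings[directive] = [f"<modifies defaults: {value}>"]
            continue
        bad = [alg for alg in value.split(",") if alg and alg not in allowed]
        if bad:
            findings[directive] = bad
    if has_match:
        findings["match"] = ["<Match block present: conditional overrides not audited>"]
    return findings


def is_fips_compliant(text):
    return not audit_sshd_config(text)


# Constructed sample configurations (not from any real host).
WEAK_CONFIG = """\
# sshd_config fragment with non-approved algorithms
Port 22
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,3des-cbc
MACs hmac-md5,umac-128-etm@openssh.com,hmac-sha2-256
# KexAlgorithms deliberately left unset: OpenSSH defaults would apply
"""

HARDENED_CONFIG = """\
Port 22
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms ecdh-sha2-nistp384,diffie-hellman-group16-sha512
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(cfg) or 'no findings'}")
```

Run it against the real file (`audit_sshd_config(open("/etc/ssh/sshd_config").read())`) on each remote-access host; the output is suitable objective evidence only together with proof that the SSH library itself is the validated module and is running in FIPS mode.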