20.55 Ensure 'Separate NSA-approved (Type 1) cryptography is used' (STIG DC only)

Information

This policy setting ensures that separate NSA-approved (Type 1) cryptography is used to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data.

Directory data that is not appropriately encrypted is subject to compromise. Commercial-grade encryption does not provide adequate protection when the classification level of directory data in transit is higher than the level of the network.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure a NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level that transfer replication data through a network cleared to a lower level than the data.

Impact:

NSA approved cryptography and cryptographic equipment will be needed to comply with this recommendation.

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 5ac5dead577088610defde6203012589897b1e9fd92bee174a884466077aedb7