Rule ID
SV-251013r1028178_rule
Version
V3R1
CCIs
SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks which exploit vulnerabilities in this protocol.
Verify the Sentry is configured to implement the applicable required TLS settings in NIST PUB SP 800-52.
1. Log in to Sentry.
2. Go to Settings >> Services >> Sentry.
3. For each of the following configurations, follow the step 4 procedure:
a. Incoming SSL configuration
b. Outgoing SSL configuration
c. UEM SSL configuration
d. Access SSL configuration
4. Verify only TLS 1.2 is selected.
If any other protocol is selected, this is a finding.
For more information, go to the "Sentry 9.8.0 guide for Core" and refer the main section "Standalone Sentry Settings", which includes subsections on how TLS 1.2 is set as the default protocol:
1. Incoming SSL configuration
2. Outgoing SSL configuration
3. UEM SSL configuration
4. Access SSL configuration
Sentry conforms to the NIST SP 800-52 TLS settings by setting TLS 1.2 by default.Configure the Sentry to comply with applicable required TLS settings in NIST PUB SP 800-52.
1. Log in to Sentry.
2. Go to Settings >> Services >> Sentry.
3. For each of the following configurations, follow the step 4 procedure:
a. Incoming SSL configuration
b. Outgoing SSL configuration
c. UEM SSL configuration
d. Access SSL configuration
4. Select only TLS 1.2 and remove others if selected.
5. Click "Apply".