Rule ID
SV-274315r1100449_rule
Version
V1R1
CCIs
CCI-002450
Unapproved cryptographic algorithms cannot be relied on to provide confidentiality or integrity, and DOD data could be compromised as a result. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-3 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-3 validation is also a strict requirement for use of cryptography in the federal government for protecting unclassified data. SFR ID: FCS
Review the configuration to determine if the Honeywell Android devices are in FIPS mode. On the MDM console (for SDM660 only): 1. In the MDM console, load the active DeviceConfig.xml for the managed device. 2. Verify that item DeviceConfig >> HoneywellSetting >> EnforceOSFipsMode has a value of "1" for "Enable OS FIPS Mode". On the Honeywell Android 13 device (SDM660 only): 1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode. 2. Verify that "FIPS Enforce Mode" is enabled. If "FIPS Enforce Mode" is not enabled, this is a finding.
On the MDM console (for SDM660 only): 1. Ask the MDM administrator to edit the following item in DeviceConfig.xml: Modify item: DeviceConfig >> HoneywellSetting >> EnforceOSFipsMode. Value sample: 1: Enable OS FIPS mode; 0: Disable OS FIPS mode. 2. In the MDM console, the MDM administrator will package this DeviceConfig.xml and push this package to the CN80G device. On the Honeywell Android 13 device (SDM660 only): 1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode. 2. Enable "FIPS Enforce Mode".