
V-251248

CAT II (Medium)

Redis Enterprise DBMS must maintain the confidentiality and integrity of information during preparation for transmission.

Rule ID

SV-251248r961638_rule

STIG

Redis Enterprise 6.x Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002420

Discussion

Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. When transmitting data, the DBMS, associated applications, and infrastructure must leverage transmission protection mechanisms. For more detailed information, refer to: https://docs.redislabs.com/latest/rs/administering/designing-production/security/

Check Content

Redis has optional support for TLS on all communication channels, including client connections, replication links, and the Redis Cluster bus protocol.

By default, each cluster node has a different set of self-signed certificates. These certificates can be replaced with a DoD-acceptable certificate, preferably a certificate issued by an intermediate certificate authority (CA).

For security reasons, Redis Enterprise supports only the TLS protocol. Therefore, verify that the Redis client or secured tunnel solution uses TLS v1.2 or above.

First, verify that the host operating system is encrypted. 

If the host operating system is not encrypted, this is a finding.

If the host operating system is encrypted, run the following commands and verify that only DoD-approved PKI certificates are present:
# cd /etc/opt/redislabs
# ls 

Verify the proxy_cert.pem file is present.

If no certificates are found, this is a finding.

Verify that TLS is configured to be used. To check this:
1. Log in to the Redis Enterprise web UI as an admin user.
2. Navigate to the Databases tab and select the database and then configuration.
3. Review the configuration and verify that TLS is enabled for all communications.

If TLS is not configured to be used, this is a finding.

To check the current TLS version, run the following commands on one of the servers that is hosting Redis Enterprise as a privileged user:
# ccs-cli
# hgetall min_control_tls_version

If TLS is not FIPS compliant, this is a finding.
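
As an added example (not part of the STIG text or of Redis tooling), the certificate step of the check above can be scripted as follows. It assumes the openssl CLI is installed; the function name and the FINDING/REVIEW strings are this example's own, and "subject equals issuer" is used as a heuristic for a default self-signed certificate that was never replaced.

```shell
#!/bin/sh
# Added example: audit the proxy certificate named in the check content.
# Usage: check_proxy_cert [cert_dir]   (default directory is the one on this page)
# Returns 0 when the certificate needs only issuer review, 1 on a finding.

check_proxy_cert() {
    cert_dir="${1:-/etc/opt/redislabs}"
    cert="$cert_dir/proxy_cert.pem"

    # Step from the check: the certificate file must be present.
    if [ ! -s "$cert" ]; then
        echo "FINDING: $cert missing or empty"
        return 1
    fi

    # Read subject and issuer of the first certificate in the file.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null) || {
        echo "FINDING: $cert is not a parseable X.509 certificate"
        return 1
    }
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253)
    subject=${subject#subject=}
    issuer=${issuer#issuer=}

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FINDING: $cert has expired"
        return 1
    fi

    # Heuristic (assumption of this example): identical subject and issuer
    # means the per-node default self-signed certificate is still in place.
    if [ "$subject" = "$issuer" ]; then
        echo "FINDING: $cert is self-signed ($subject)"
        return 1
    fi

    # The script cannot decide CA approval; print the issuer for the reviewer.
    echo "REVIEW: $cert issued by: $issuer"
    return 0
}
```

A REVIEW result still requires comparing the printed issuer against the organization's list of approved certificate authorities.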

Fix Text

To configure TLS and configure only organizationally defined CA-signed certificates, refer to the following document: 
https://docs.redislabs.com/latest/rs/administering/cluster-operations/updating-certificates/