Rule ID
SV-258598r1028331_rule
Version
V2R3
CCIs
If unsecured protocols (lacking cryptographic mechanisms) are used for sessions, the contents of those sessions will be susceptible to eavesdropping, potentially putting sensitive data (including administrator passwords) at risk of compromise and potentially allowing hijacking of maintenance sessions. When JITC mode is enabled, it also enables FIPS mode is also automatically enabled. However, this requirement focuses only on the use of FIPS validated encryption algorithms and protocols.
In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options. Verify "Turn on FIPS mode" checkbox is enabled (checked). If the use of FIPS 140-2/140-3 approved algorithms is not enabled, this is a finding.
Enable compliance modes to ensure only FIPS 140-2/140-3 algorithms are used. Once "Turn on JITC mode" is checked, "Turn on NDcPP mode" and "Turn on FIPS mode" are also checked automatically; however, the focus of this requirement is on enabling FIPS mode. The following procedure is the preferred DOD process. In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options. 1. Under "DOD Certification Option", check (enabled) "Turn on JITC mode" to enable the JITC mode security features. 2. Click "Save changes" and confirm after the web UI asks for SSL cipher configuration changes.