Documentation - V-270978

Title

Dragos must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of application configuration files and user-generated data stored or aggregated on the device.

Description

<VulnDiscussion>Confidentiality and integrity protections are intended to address the confidentiality and integrity of system information at rest (e.g., network device rule sets) when it is located on a storage device within the network device or as a component of the network device. This protection is required to prevent unauthorized alteration, corruption, or disclosure of information when not stored directly on the network device. This requirement addresses protection of user-generated data ...

Fix Text (Documentation Requirement)

If using Dragos hardware, this check is Not Applicable. Configuring FIPS compliance in a virtual environment involves enabling settings or options that enforce the use of only FIPS-approved cryptographic algorithms and modules. The exact steps may vary depending on the virtualization platform being used (e.g., VMware, Hyper-V, VirtualBox) or the cloud service provider being used (e.g., AWS, Azure). Here is a general guide on how to configure FIPS compliance in a virtual environment: Review Documentation: Start by reviewing the documentation provided by the virtualization platform or cloud service provider. Check for information on FIPS compliance and how to enable it within the environment. Enable FIPS Mode: Many virtualization platforms offer an option to enable FIPS mode. Depending o...