All MobileIron Core MDM server cryptography supporting DoD functionality must be configured to use FIPS 140-2 validated encryption modules.

From MobileIron Core v9.x MDM Security Technical Implementation Guide

Part of PP-MDM-204100

Associated with: CCI-002450

SV-85139r1_rule All MobileIron Core MDM server cryptography supporting DoD functionality must be configured to use FIPS 140-2 validated encryption modules.

Vulnerability discussion

Unapproved cryptographic algorithms cannot be relied upon to provide confidentiality or integrity, and DoD data could be compromised as a result. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-2 validation is also a strict requirement for use of cryptography in the Federal Government for protecting unclassified data.SFR ID: FCS

Check content

Check the MobileIron Core Server to verify it has been configured to use a FIPS 140-2 validated cryptographic module. 1. SSH to MobileIron Core Server from any SSH client. 2. Enter the administrator credentials you set when you installed MobileIron Core. 3. Enter "show fips". 4. Verify "FIPS 140 mode is enabled" is displayed. If the MobileIron Server Core does not report that fips mode is enabled, this is a finding.

Fix text

Configure the MobileIron Core Server to use a FIPS 140-2 validated cryptographic module. 1. SSH to MobileIron Core Server from any SSH client. 2. Enter the administrator credentials set up when the MobileIron Core was installed. 3. Enter "enable". 4. When prompted, enter the "enable" secret set up when the MobileIron Core was installed. 5. Enter "configure terminal". 6. Enter the following command to enable FIPS: "fips" 7. Enter the following command to proceed with the necessary reload: "do reload"

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer