From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-300730
Associated with: CCI-000635
Information system components are discrete, identifiable information technology assets that represent the building blocks of an information system. Information system components include commercial information technology products. Security functional requirements include security capabilities, security functions, and security mechanisms. Security strength requirements associated with such capabilities, functions, and mechanisms include degree of correctness, completeness, resistance to direct attack, and resistance to tampering or bypass. Security assurance requirements include: (i) development processes, procedures, practices, and methodologies; and (ii) evidence from development and assessment activities providing grounds for confidence that the required security functionality has been implemented and the required security strength has been achieved. Security documentation requirements address all phases of the system development life-cycle.
Review each Voice Video system security plan (SSP). Verify that the organization requires products with a cryptographic module be FIPS-validated. Products with a NIAP-approved Protection Profile for a specific technology type are evaluated for FIPS-validated cryptographic modules as part of the compliance process. Those products without NIAP approval must be FIPS-validated when relying on cryptographic functionality to enforce its security policy. If the Voice Video SSP does not document, and the organization does not enforce, that products relying on cryptographic functionality to enforce security policy must have FIPS-validated cryptographic modules, this is a finding.
Document in the Voice Video SSP all network components and/or devices used in the design of the Voice Video system. The design requires products with a cryptographic module be FIPS-validated. Products with NIAP-approved Protection Profile for a specific technology type are evaluated for FIPS-validated cryptographic modules as part of the compliance process. Those products without NIAP approval must be FIPS-validated when relying on cryptographic functionality to enforce its security policy.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer