Check: ASP4-TE-030150
IBM Aspera Platform 4.2 STIG:
ASP4-TE-030150
(in versions v1 r2 through v1 r1)
Title
The IBM Aspera High-Speed Transfer Endpoint must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR). (Cat II impact)
Discussion
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Configuration settings are the set of parameters that can be changed that affect the security posture and/or functionality of the network element. Security-related parameters are those parameters impacting the security state of the network element, including the parameters required to satisfy other security control requirements. For the network element, security-related parameters include settings for network traffic management configurations. The askmscli tool sets content-protection secrets only for each user, not for groups and not for all users on a node. Each transfer user requires their own content-protection secret for SSEAR.
Check Content
Verify the IBM High-Speed Transfer Endpoint enables content protection for each transfer user by encrypting passphrases used for SSEAR with the following command:

    $ sudo /opt/aspera/bin/askmscli -u <transferuser> -H ssear
    v0: (SHA-512) 6fcb5c284590f67af12334cf27f94a6dc5fb2f27627b9ba8dc20c210df3edd7a596cd3c9961a5c36bfd8e57a9ae15a6859559f8e11c3059704859cabb59d8340

If the command returns "No records found for ssear", this is a finding.
Fix Text
Configure the IBM High-Speed Transfer Endpoint to enable content protection for each transfer user by encrypting passphrases used for SSEAR with the following command:

    $ sudo /opt/aspera/bin/askmscli -u <transferuser> -s ssear
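Because the secret is set per user, the check has to be repeated for every transfer user on the node. The script below is an added example, not part of the STIG or of IBM's tooling: it runs the Check Content command for each user given as an argument and reports a finding where no ssear record exists. It assumes the output matches the sample shown in Check Content; the `ASKMSCLI` override variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit SSEAR content-protection secrets per transfer user.
# Run as root (the page's commands use sudo). Pass transfer users as arguments.
# ASKMSCLI is a hypothetical override for testing; the default is the page's path.
ASKMSCLI="${ASKMSCLI:-/opt/aspera/bin/askmscli}"

# check_ssear USER
# Returns 0 if a hashed ssear record is shown, 1 if the tool reports none
# (a finding), 2 if the result cannot be determined (tool error, odd output).
check_ssear() {
    out=$("$ASKMSCLI" -u "$1" -H ssear 2>&1) && tool_rc=0 || tool_rc=$?
    case $out in
        *"No records found for ssear"*) return 1 ;;
    esac
    # Pass only on output shaped like the page's sample: "v0: (SHA-512) <128 hex>"
    if [ "$tool_rc" -eq 0 ] &&
       printf '%s\n' "$out" | grep -Eq '\(SHA-512\) [0-9a-f]{128}$'; then
        return 0
    fi
    return 2
}

# audit_ssear USER...
# Prints one line per user; returns non-zero if any user is not a clean pass.
audit_ssear() {
    findings=0
    for u in "$@"; do
        status=0
        check_ssear "$u" || status=$?
        case $status in
            0) echo "PASS     $u" ;;
            1) echo "FINDING  $u: no ssear secret set"
               findings=$((findings + 1)) ;;
            *) echo "ERROR    $u: could not verify, check manually"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run the audit only when users were supplied on the command line.
[ "$#" -eq 0 ] || audit_ssear "$@"
```

An inconclusive result is counted against the node rather than treated as a pass, so a missing binary or a permissions error cannot hide an unprotected user.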
Additional Identifiers
Rule ID: SV-252617r831519_rule
Vulnerability ID: V-252617
Group Title: SRG-NET-000512-ALG-000062
CCIs
Number | Definition |
---|---|
CCI-002475 | The information system implements cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components. |
CCI-002476 | The information system implements cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined information system components. |
Controls
Number | Title |
---|---|
SC-28 (1) | Cryptographic Protection |