Configure Encryption

ID_d72ca42f_37c6_4163_aa49_e41db42f9e9b (ObjectTemplate)

This control activity guides the IT professional through configuring the use of FIPS-compliant protocols and algorithms within the operating system.

Element properties:

Type: System.Compliance.ManualControlActivityProjection

Source Code:

<ObjectTemplate ID="ID_d72ca42f_37c6_4163_aa49_e41db42f9e9b" TypeID="GRCControl!System.Compliance.ManualControlActivityProjection">
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalName$">$MPElement[Name='GRC!System.Compliance.SourceNameEnum.MicrosoftCorporation']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalId$">ID_d72ca42f_37c6_4163_aa49_e41db42f9e9b</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalVersion$">1.0</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Type$">$MPElement[Name='GRCControl!System.Compliance.ControlActivity.TypeEnum.Preventive']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Title$">Configure Encryption</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/DisplayName$">ID_d72ca42f_37c6_4163_aa49_e41db42f9e9b Configure Encryption</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Description$">Windows Server 2003 SP2: This control activity guides the IT professional through configuring the use of FIPS-compliant protocols and algorithms within the operating system.</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ImplementationMethod$">The product can be configured to enable only FIPS compliant algorithms. These settings are not enabled through provided security baselines, as they could disable connectivity to critical systems if not properly configured. The organization must determine what machines require FIPS compliant algorithms in order to sufficiently and reasonably mitigate unauthorized access through brute force decryption attacks. Determine a FIPS compliant algorithm plan with your IT department, then enable this setting on required machines. If FIPS compliant algorithm enforcement is required, it may be configured using the following Group Policy setting.

To apply the settings:
System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing 1
GPO Setting Location: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/AdditionalGuidance$">For more information, see:

"Security Compliance Manager" at http://technet.microsoft.com/en-us/library/cc677002.aspx

"The effects of enabling System Cryptography" at
http://support.microsoft.com/kb/811833</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestSummary$">Manual Assertion

Manually assert whether the procedure has been sufficiently and reasonably performed since the last assertion.

Manual assertions should be recorded at a frequency that is commensurate with audit sample sizes and frequencies, which can vary according to GRC authority document requirements and your organization's audit schedule. Determine what personnel will make the manual assertion by asking the GRC program manager. Typically, this assertion will be made by an analyst who observes an IT professional that enacts the process.

Record the compliance state as an assertion within the GRC program with one of the following states: compliant, noncompliant, error, or unknown.

Manual Assertion Steps:

1. Open the Service Manager Console.
2. Click the Compliance and Risk Items Workspace.
3. Expand the Control Management folder, then the Control Activities folders and select the All Control Activities View.
4. In the Control Activities View, select control activities for which you want to add a result and in the Task pane select Edit Control Activity. Service Manager Console launches the Control Activity form with the selected control activity.
5. In the Control Activity form, in the Task pane, select the Add Result Console task. Service Manager Console launches the Select Template dialog.
6. Select one of the templates for the results (Compliant, Non-Compliant, Unknown or Error). The Result form will open with the Result set to the control activity template name (for example, Compliant means Result = Compliant, and so on). The owner field is populated with the current user name.
7. Select one of the programs from the Program section before Results (OK button is enabled).
8. Save the results by clicking OK in the dialog. Service Manager Console creates a Number of Managed Entity Results per Configuration Item in Scope for the selected programs. Service Manager Console will close the Add Result dialog and create a relationship between the control activity and Managed Entity Result in the CMDB. The Control Activity form remains open and displays the updated control activity in the form.</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestId$"/>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestName$"/>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/SupportedControlObjectives$">ID_1c279b2b_c0b8_4b87_a09b_3583b4f9d006, ID_309033fd_0f6a_4598_b43c_fa805ed3c63a</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Technology$">$MPElement[Name='System.Compliance.CATechnology.WS2003SP2']$</Property>
</ObjectTemplate>