Did anyone validate if this is possible before writing it?

The first layer of networking is the access layer, what the computer connects to, which, if this is possible, needs to be able to encrypt transmission.

Problem is, any switch, like Cisco switches, when you put it in FIPS-validated mode does not encrypt the control plane. It encrypts the management interface and SSH to configure the device at FIPS-level SSH encryption.

Same for Wi-Fi access points: the data plane in FIPS mode is not encrypted. Only CAPWAP packets and the authentication to get on are encrypted at FIPS levels.

Also, any sort of SSL VPN solution like GlobalProtect, AnyConnect and Zscaler is FIPS-CC, not FIPS validated.

FIPS validated seems required in control 3.13.11.

Did any network engineer in the DoD validate that their expected architecture exists in the public world?

If the DoD thinks that putting their Cisco switches and APs in FIPS mode is securing their data plane, they are shit out of luck.

Please explain to me how to be compliant with this control?

submitted by /u/toeding

published 5 months ago
