Check: AZLX-23-001280
Amazon Linux 2023 STIG:
AZLX-23-001280
(in version v1 r1)
Title
Amazon Linux 2023 must enable FIPS mode. (Cat I impact)
Discussion
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Amazon Linux 2023 must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223
Check Content
Verify Amazon Linux 2023 is in FIPS mode with the following command: $ sudo fips-mode-setup --check FIPS mode is enabled. If FIPS mode is not enabled, this is a finding.
Fix Text
Configure Amazon Linux 2023 to implement FIPS mode with the following commands: $ sudo fips-mode-setup --enable Reboot the system for the changes to take effect.
Additional Identifiers
Rule ID: SV-274057r1120159_rule
Vulnerability ID: V-274057
Group Title: SRG-OS-000033-GPOS-00014
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000068 |
Implement cryptographic mechanisms to protect the confidentiality of remote access sessions. |
| CCI-000877 |
Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions. |
| CCI-002418 |
Protect the confidentiality and/or integrity of transmitted information. |
| CCI-002450 |
Implement organization-defined types of cryptography for each specified cryptography use. |