Check: AZLX-23-001195
Amazon Linux 2023 STIG: AZLX-23-001195 (in version v1 r1)
Title
Amazon Linux 2023 must have the crypto-policies package installed. (Cat II impact)
Discussion
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data.

Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000424-GPOS-00188
Check Content
Verify Amazon Linux 2023 crypto-policies package is installed with the following command:

$ dnf list --installed crypto-policies

Installed Packages
crypto-policies.noarch 20240828-2.git626aa59.amzn2023.0.1 @System

If the "crypto-policies" package is not installed, this is a finding.
Fix Text
Configure Amazon Linux 2023 to have the crypto-policies package installed with the following command:

$ sudo dnf install -y crypto-policies
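An automatable form of the check above, as an added example that is not part of the STIG text. The function name is hypothetical; it reads `dnf list --installed` output on stdin and matches the exact package name, so a related package such as crypto-policies-scripts does not satisfy the check.

```shell
#!/bin/sh
# Added example: evaluate AZLX-23-001195 from `dnf list --installed` output.
# Input:  dnf output on stdin.
# Output: one result line on stdout.
# Return: 0 = not a finding, 1 = finding.
azlx_23_001195_eval() {
    # Accept only "crypto-policies.<arch>" in the first column. A prefix
    # match would also accept names like crypto-policies-scripts.
    version=$(awk '$1 ~ /^crypto-policies\.[A-Za-z0-9_]+$/ { print $2; exit }')
    if [ -n "$version" ]; then
        echo "AZLX-23-001195: not a finding (crypto-policies $version)"
        return 0
    fi
    echo "AZLX-23-001195: FINDING (crypto-policies not installed)"
    return 1
}

# Live use on an Amazon Linux 2023 host:
#   dnf list --installed crypto-policies 2>/dev/null | azlx_23_001195_eval
```

On a host where the function reports a finding, the Fix Text command above is the remediation.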
Additional Identifiers
Rule ID: SV-274040r1120108_rule
Vulnerability ID: V-274040
Group Title: SRG-OS-000396-GPOS-00176
CCIs
| Number | Definition |
|---|---|
| CCI-002421 | Implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. |
| CCI-002450 | Implement organization-defined types of cryptography for each specified cryptography use. |
| CCI-002890 | Implement organization-defined cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
| CCI-003123 | Implement organization-defined cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |