Check: RHEL-09-672010
RHEL 9 STIG:
RHEL-09-672010
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must have the crypto-policies package installed. (Cat II impact)
Discussion
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174
Check Content
Verify that RHEL 9 crypto-policies package is installed with the following command: $ sudo dnf list --installed crypto-policies Example output: crypto-policies.noarch 20220223-1.git5203b41.el9_0.1 If the "crypto-policies" package is not installed, this is a finding.
Fix Text
Install the crypto-policies package (if the package is not already installed) with the following command: $ sudo dnf install crypto-policies
Additional Identifiers
Rule ID: SV-258234r926689_rule
Vulnerability ID: V-258234
Group Title: SRG-OS-000396-GPOS-00176
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002450 |
The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
| CCI-002890 |
The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
| CCI-003123 |
The information system implements cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |