Check: RHEL-09-215100
RHEL 9 STIG:
RHEL-09-215100
(in version v2 r3)
Title
RHEL 9 must have the crypto-policies package installed. (Cat II impact)
Discussion
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174
Check Content
Verify that the RHEL 9 crypto-policies package is installed with the following command: $ dnf list --installed crypto-policies Example output: crypto-policies.noarch 20240828-2.git626aa59.el9_5 If the crypto-policies package is not installed, this is a finding.
Fix Text
Install the crypto-policies package (if the package is not already installed) with the following command: $ sudo dnf -y install crypto-policies
Additional Identifiers
Rule ID: SV-258234r1051250_rule
Vulnerability ID: V-258234
Group Title: SRG-OS-000396-GPOS-00176
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002450 |
Implement organization-defined types of cryptography for each specified cryptography use. |
| CCI-002890 |
Implement organization-defined cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
| CCI-003123 |
Implement organization-defined cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |