Check: RHEL-09-672045
RHEL 9 STIG:
RHEL-09-672045
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must implement a system-wide encryption policy. (Cat II impact)
Discussion
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174
Check Content
Verify that the RHEL 9 cryptography policy has been configured correctly with the following commands: $ sudo update-crypto-policies --show FIPS If the cryptography is not set to "FIPS" and is not applied, this is a finding. $ sudo update-crypto-policies --check The configured policy matches the generated policy If the command does not return "The configured policy matches the generated policy", this is a finding.
Fix Text
Configure the operating system to implement FIPS mode with the following command $ sudo fips-mode-setup --enable Reboot the system for the changes to take effect.
Additional Identifiers
Rule ID: SV-258241r926710_rule
Vulnerability ID: V-258241
Group Title: SRG-OS-000396-GPOS-00176
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002450 |
The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
| CCI-002890 |
The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
| CCI-003123 |
The information system implements cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |