Check: RHEL-09-672015
RHEL 9 STIG: RHEL-09-672015 (in versions v1 r3 through v1 r1)
Title
RHEL 9 crypto policy files must match files shipped with the operating system. (Cat I impact)
Discussion
The RHEL 9 package "crypto-policies" defines the cryptography policies for the system. If the files are changed from those shipped with the operating system, it may be possible for RHEL 9 to use cryptographic functions that are not FIPS 140-3 approved.

Satisfies: SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176
Check Content
Verify that the RHEL 9 package "crypto-policies" has not been modified with the following command:

$ rpm -V crypto-policies

If the command has any output, this is a finding.
Fix Text
Reinstall the crypto-policies package to remove any modifications.

$ sudo dnf reinstall crypto-policies
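
An added example, not part of the STIG text: a POSIX shell helper that reads the output of the check command above and names, per file, which rpm verification tests failed, so the reviewer can see what was modified before reinstalling. Any output remains a finding; the function names are hypothetical and the sample paths are constructed placeholders.

```shell
# Added example, not STIG text. rpm -V prints one line per failed file:
#   "<9 flag chars> [c|d|g|l|r] /path"   or   "missing [marker] /path"

# describe_flags FLAGS: name the verification tests that failed.
describe_flags() {
    out=
    for pair in S:size M:mode 5:digest D:device L:symlink U:owner G:group \
                T:mtime P:capabilities; do
        case $1 in
            *"${pair%%:*}"*) out="${out:+$out,}${pair#*:}" ;;
        esac
    done
    printf '%s' "${out:-unknown}"
}

# explain_line LINE: print one "FINDING <path>: <reason>" record.
explain_line() {
    case $1 in
        */*) path="/${1#*/}" ;;   # paths are absolute; keeps embedded spaces
        *)   printf 'FINDING (unparsed output): %s\n' "$1"; return ;;
    esac
    case $1 in
        missing*) what=missing ;;
        *)        what=$(describe_flags "${1%% *}") ;;
    esac
    printf 'FINDING %s: %s\n' "$path" "$what"
}

# audit_crypto_policies: read rpm -V output on stdin. Any line is a finding
# (return 1); empty input means the package verifies cleanly (return 0).
audit_crypto_policies() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        explain_line "$line"
        rc=1
    done
    return "$rc"
}

# Constructed sample output; the paths are placeholders, not package files.
sample_output() {
    printf '%s\n' \
        'S.5....T.  c /PLACEHOLDER/policy-a.txt' \
        '.M.......    /PLACEHOLDER/policy-b.txt' \
        'missing      /PLACEHOLDER/policy-c.txt'
}

# On a RHEL 9 host: rpm -V crypto-policies | audit_crypto_policies
sample_output | audit_crypto_policies || echo 'Result: finding'
```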
Additional Identifiers
Rule ID: SV-258235r926692_rule
Vulnerability ID: V-258235
Group Title: SRG-OS-000478-GPOS-00223
CCIs
Number | Definition |
---|---|
CCI-002450 | The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
Controls
Number | Title |
---|---|
SC-13 | Cryptographic Protection |