Check: PHTN-67-000009
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000009
(in versions v1 r6 through v1 r2)
Title
The Photon operating system must configure sshd to use approved encryption algorithms. (Cat I impact)
Discussion
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. OpenSSH on the Photon operating system is compiled with a FIPS-validated cryptographic module. The "FipsMode" setting controls whether this module is initialized and used in FIPS 140-2 mode.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187
Check Content
At the command line, execute the following command:

    # sshd -T|&grep -i FipsMode

Expected result:

    fipsmode yes

If the output does not match the expected result, this is a finding.
Fix Text
Open /etc/ssh/sshd_config with a text editor. Ensure that the "FipsMode" line is uncommented and set to the following:

    FipsMode yes

At the command line, execute the following command:

    # service sshd reload
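The check and fix above as a script, added here as an example and not part of the STIG or VMware's tooling. The function names and the sample config are constructed, and placing the directive ahead of any Match block is an assumption.

```shell
#!/bin/sh
# Added example for PHTN-67-000009; function names are hypothetical.

# Check: reads effective settings (output of `sshd -T`) on stdin.
# Returns 0 only if fipsmode is reported and every report says "yes".
fipsmode_check() {
    awk 'tolower($1) == "fipsmode" { seen = 1; if (tolower($2) != "yes") bad = 1 }
         END { if (seen && !bad) exit 0; exit 1 }'
}

# Fix: rewrites the config file so it holds one uncommented "FipsMode yes"
# in the global section (before any Match block; placement is an assumption).
fipsmode_fix() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t]+/)
        }
        # An active or commented-out "FipsMode yes|no" line: keep one, set to yes.
        n == 2 && tolower(f[1]) == "fipsmode" && tolower(f[2]) ~ /^(yes|no)$/ {
            if (!done) { print "FipsMode yes"; done = 1 }
            next
        }
        # No directive seen before the first active Match block: insert it here.
        tolower(f[1]) == "match" && $0 !~ /^[ \t]*#/ && !done {
            print "FipsMode yes"; done = 1
        }
        { print }
        END { if (!done) print "FipsMode yes" }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample config (not from a real host) run through the fix.
demo() {
    d=$(mktemp) || return 1
    printf '%s\n' 'Port 22' '#FipsMode no' 'Match User backup' '  X11Forwarding no' > "$d"
    fipsmode_fix "$d" && cat "$d"
    rm -f "$d"
}
demo
```

On a host, run `fipsmode_fix /etc/ssh/sshd_config`, reload sshd as in the Fix Text, then confirm with `sshd -T 2>&1 | fipsmode_check`.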
Additional Identifiers
Rule ID: SV-239081r877398_rule
Vulnerability ID: V-239081
Group Title: SRG-OS-000033-GPOS-00014
CCIs
Number | Definition |
---|---|
CCI-000068 | The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
CCI-001453 | The information system implements cryptographic mechanisms to protect the integrity of remote access sessions. |
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information. |
CCI-002450 | The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
CCI-002890 | The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |