Check: PHTN-30-000009
VMware vSphere 7.0 vCenter Appliance Photon OS STIG:
PHTN-30-000009
(in versions v1 r1 through v1 r3)
Title
The Photon operating system must configure sshd to use approved encryption algorithms. (Cat III impact)
Discussion
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. OpenSSH on the Photon operating system is compiled with a FIPS-validated cryptographic module. The "FipsMode" setting controls whether this module is initialized and used in FIPS 140-2 mode.
Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000393-GPOS-00173, SRG-OS-000396-GPOS-00176, SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187
Check Content
At the command line, run the following command:
# sshd -T|&grep -i FipsMode
Expected result:
FipsMode yes
If the output does not match the expected result, this is a finding.
Fix Text
Navigate to and open: /etc/ssh/sshd_config
Ensure the "FipsMode" line is uncommented and set to the following:
FipsMode yes
At the command line, run the following command:
# systemctl restart sshd.service
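The check and the fix above can be scripted for fleet-wide auditing. The following is an added example written for this page, not part of the STIG or of VMware's Photon tooling. It assumes two things: that "sshd -T" prints the effective configuration one keyword per line (the keyword is printed in lowercase by OpenSSH, which is why the STIG's grep uses -i), and that FipsMode is a directive understood only by Photon's OpenSSH build, so the check is run against sample text constructed here rather than against a live daemon. The helper names check_fipsmode and fix_fipsmode are the example's own.

```shell
#!/bin/sh
# Added example (not from the STIG or from Photon OS): audit and remediate
# the FipsMode sshd directive. Runs offline on constructed input.

# check_fipsmode: read "sshd -T" style output on stdin and print "pass"
# when the effective FipsMode value is "yes", otherwise "fail".
# Keyword and value are compared case-insensitively because sshd -T
# lowercases keywords; the last occurrence wins, mirroring sshd's
# "first obtained value" rule applied after it has resolved the config.
check_fipsmode() {
    val=$(awk 'tolower($1) == "fipsmode" { print tolower($2) }' | tail -n 1)
    if [ "$val" = "yes" ]; then
        echo pass
    else
        echo fail
    fi
}

# fix_fipsmode <file>: leave exactly one active "FipsMode yes" line in the
# given sshd_config. Any existing FipsMode lines, commented or not, are
# dropped and a single directive is appended, so repeated runs are
# idempotent. The file is rewritten in place with cat so its inode,
# owner and mode (root:root 0600 on Photon) are preserved.
fix_fipsmode() {
    cfg=$1
    tmp=$(mktemp) || return 1
    grep -v -i '^[[:space:]]*#*[[:space:]]*FipsMode' "$cfg" > "$tmp" || true
    printf 'FipsMode yes\n' >> "$tmp"
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# --- Demonstration on constructed data (not captured from a real host) ---

# Constructed excerpt of what "sshd -T" prints on a non-compliant host.
SAMPLE_SSHD_T='port 22
ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com
fipsmode no
'
printf '%s' "$SAMPLE_SSHD_T" | check_fipsmode     # prints: fail

# Constructed sshd_config fragment with the directive commented out,
# written to a temporary file so nothing on the host is touched.
DEMO_CFG=$(mktemp)
printf '# FipsMode no\nPort 22\nPermitRootLogin no\n' > "$DEMO_CFG"
fix_fipsmode "$DEMO_CFG"
cat "$DEMO_CFG"
# Re-check by feeding the edited file in sshd -T form (lowercased keywords).
awk '{ print tolower($0) }' "$DEMO_CFG" | check_fipsmode   # prints: pass
rm -f "$DEMO_CFG"
```

Two caveats when using this against a real appliance: "sshd -T" must be run as root, and the "|&" in the STIG's check is a bash construct that pipes stderr as well as stdout, so under plain sh use "2>&1 |". After the fix, validate the file with "sshd -t" before the restart; "sshd -T" will already report the new value because it parses the file, but the running daemon is not in FIPS mode until "systemctl restart sshd.service" has completed.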
Additional Identifiers
Rule ID: SV-256486r887132_rule
Vulnerability ID: V-256486
Group Title: SRG-OS-000033-GPOS-00014
CCIs
Number | Definition
---|---
CCI-000068 | The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.
CCI-001453 | The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information.
CCI-002450 | The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
CCI-002890 | The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.