GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents.

Information

File integrity tools often use cryptographic hashes for verifying that file contents have not been altered. These hashes must be FIPS 140-2 approved.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If using AIDE, edit the configuration and add the sha256 or sha512 option for all monitored files and directories.

If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7, CAT|III, CCI|CCI-001297, Group-ID|V-22509, Rule-ID|SV-26861r1_rule, STIG-ID|GEN006575, Vuln-ID|V-22509

Plugin: Unix

Control ID: 38f265c41abc2b93075727dbe9d953cfaef0e20b7a17ea8b2a8f68f4ac1e0573