Detections
Analytics
RHEL-10-000500 - RHEL 10 must enable FIPS mode.
Information
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government because this provides assurance they have been tested and validated.Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223
Solution
Configure RHEL 10 to implement FIPS mode.If this check fails on an installed system, it is a permanent finding until the system is reinstalled with "fips=1" during installation.
Red Hat 10 does not support switching to strict FIPS mode after installation.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|AC-17(2), 800-53|MA-4(6), 800-53|MA-4c., 800-53|SC-8, 800-53|SC-13, CAT|I, CCI|CCI-000068, CCI|CCI-000877, CCI|CCI-001453, CCI|CCI-002418, CCI|CCI-002450, CCI|CCI-002890, CCI|CCI-003123, Rule-ID|SV-281009r1184724_rule, STIG-ID|RHEL-10-000500, Vuln-ID|V-281009
Plugin: Unix
Control ID: a532405773f7d1305c3a31d98d5a3f6f115e3c1d9a48e29ca5c0748296e741ca