Detections
Analytics
VCLD-70-000056 - VAMI must enable FIPS mode.
Information
Encryption is only as good as the encryption modules used. Unapproved cryptographic module algorithms cannot be verified and cannot be relied on to provide confidentiality or integrity, and DOD data may be compromised due to weak algorithms. FIPS 140-2 is the current standard for validating cryptographic modules.Solution
Navigate to and open:/opt/vmware/etc/lighttpd/lighttpd.conf
Add or reconfigure the following value:
server.fips-mode = 'enable'
Restart the service with the following command:
# vmon-cli --restart applmgmt
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 7.0 VAMI v1r2
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-7, CAT|I, CCI|CCI-000803, Rule-ID|SV-256672r888538_rule, STIG-ID|VCLD-70-000056, Vuln-ID|V-256672
Plugin: Unix
Control ID: 7bcb3ba54576ec82b148202c7d9a2f47e1894ccd6966e53b95641a0d14c8896b