Amazon Linux 2023 must have the crypto-policies package installed.

STIG ID: AZLX-23-001195  |  SRG: SRG-OS-000396-GPOS-00176 |  Severity: medium (CAT II)  |  CCI: CCI-002450,CCI-002890,CCI-003123,CCI-002421 |  Vulnerability Id: V-274040

Vulnerability Discussion

Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data.

Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000424-GPOS-00188

Check

Verify Amazon Linux 2023 crypto-policies package is installed with the following command:

$ dnf list --installed crypto-policies
Installed Packages
crypto-policies.noarch 20240828-2.git626aa59.amzn2023.0.1 @System

If the "crypto-policies" package is not installed, this is a finding.

Fix

Configure Amazon Linux 2023 to have the crypto-policies package installed with the following command:

$ sudo dnf install -y crypto-policies
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.