Amazon Linux 2023 must enable FIPS mode.

STIG ID: AZLX-23-001280  |  SRG: SRG-OS-000033-GPOS-00014 |  Severity: high (CAT I)  |  CCI: CCI-000068,CCI-000877,CCI-002450,CCI-002418 |  Vulnerability Id: V-274057

Vulnerability Discussion

Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Amazon Linux 2023 must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223

Check

Verify Amazon Linux 2023 is in FIPS mode with the following command:

$ sudo fips-mode-setup --check
FIPS mode is enabled.

If FIPS mode is not enabled, this is a finding.

Fix

Configure Amazon Linux 2023 to implement FIPS mode with the following commands:

$ sudo fips-mode-setup --enable

Reboot the system for the changes to take effect.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.