AlmaLinux OS 9 must implement a systemwide encryption policy.

STIG ID: ALMA-09-040060  |  SRG: SRG-OS-000394-GPOS-00174 |  Severity: medium |  CCI: CCI-003123,CCI-002450 |  Vulnerability Id: V-269418

Vulnerability Discussion

Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data.

Satisfies: SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176

Check

Verify that the AlmaLinux OS 9 cryptography policy has been configured correctly with the following commands:

$ update-crypto-policies --show

FIPS

If the cryptography is not set to "FIPS" and is not applied, this is a finding.

$ update-crypto-policies --check

The configured policy matches the generated policy.

If the command does not return "The configured policy matches the generated policy", this is a finding.

Fix

Configure the operating system to implement FIPS mode with the following command:

$ fips-mode-setup --enable

Reboot the system for the changes to take effect.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.