OL 9 cryptographic policy files must match files shipped with the operating system.

STIG ID: OL09-00-000244  |  SRG: SRG-OS-000478-GPOS-00223 |  Severity: high |  CCI: CCI-002450 |  Vulnerability Id: V-271481

Vulnerability Discussion

The OL 9 package crypto-policies defines the cryptography policies for the system.

If the files are changed from those shipped with the operating system, it may be possible for OL 9 to use cryptographic functions that are not FIPS 140-3 approved.

Satisfies: SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176

Check

Verify that OL 9 crypto-policies package has not been modified with the following command:

$ rpm -V crypto-policies

If the command has any output, this is a finding.

Fix

Reinstall the crypto-policies package to remove any modifications.

$ sudo dnf reinstall -y crypto-policies
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.