RHEL 9 must implement a system-wide encryption policy.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258241	RHEL-09-672045	SV-258241r987791_rule		Medium

Description
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174

STIG	Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide	2024-06-04

Details

Check Text ( C-61982r926708_chk )
Verify that the RHEL 9 cryptography policy has been configured correctly with the following commands: $ sudo update-crypto-policies --show FIPS If the cryptography is not set to "FIPS" and is not applied, this is a finding. $ sudo update-crypto-policies --check The configured policy matches the generated policy If the command does not return "The configured policy matches the generated policy", this is a finding.

Check Text ( C-61982r926708_chk )

Verify that the RHEL 9 cryptography policy has been configured correctly with the following commands:

$ sudo update-crypto-policies --show

FIPS

If the cryptography is not set to "FIPS" and is not applied, this is a finding.

$ sudo update-crypto-policies --check

The configured policy matches the generated policy

If the command does not return "The configured policy matches the generated policy", this is a finding.

Fix Text (F-61906r926709_fix)
Configure the operating system to implement FIPS mode with the following command $ sudo fips-mode-setup --enable Reboot the system for the changes to take effect.