The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-219975	SOL-11.1-060060	SV-219975r603267_rule		Medium

Description
FIPS 140-2 is the current standard for validating cryptographic modules, and NSA Type-X (where X=1, 2, 3, 4) products are NSA-certified hardware based encryption modules.

STIG	Date
Solaris 11 SPARC Security Technical Implementation Guide	2021-11-23

Details

Check Text ( C-21685r371297_chk )
This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. The Crypto Management profile is required to execute this command. Check to ensure that FIPS-140 encryption mode is enabled. # cryptoadm list fips-140\| grep -c "is disabled" If the output of this command is not "0", this is a finding.

Check Text ( C-21685r371297_chk )

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

The Crypto Management profile is required to execute this command.

Check to ensure that FIPS-140 encryption mode is enabled.

# cryptoadm list fips-140| grep -c "is disabled"

If the output of this command is not "0", this is a finding.

Fix Text (F-21684r371298_fix)
The Crypto Management profile is required to execute this command. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. Enable FIPS-140 mode. # pfexec cryptoadm enable fips-140 Reboot the system as requested.