UCF STIG Viewer Logo

tc Server VCAC must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when authenticating users and processes.


Finding ID Version Rule ID IA Controls Severity
V-240807 VRAU-TC-000465 SV-240807r879616_rule Medium
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised due to weak algorithms. FIPS 140-2 is the current standard for validating cryptographic modules and NSA Type-X (where X=1, 2, 3, 4) products are NSA-certified, hardware-based encryption modules. vRA relies upon the OpenSSL suite of encryption libraries. A special carefully defined software component called the OpenSSL FIPS Object Module has been created from the OpenSSL libraries to provide FIPS 140-2 validated encryption. This Module was designed for compatibility with OpenSSL so that products using the OpenSSL API can be converted to use validated cryptography with minimal effort.
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide 2023-10-03


Check Text ( C-44040r674437_chk )
At the command prompt, execute the following command:

grep cipher /etc/vcac/catalina.properties

If the value of "cipher" does not match the list of FIPS 140-2 ciphers or is missing, this is a finding.

Note: To view a list of FIPS 140-2 ciphers, at the command prompt execute the following command:

openssl ciphers 'FIPS'
Fix Text (F-43999r674164_fix)
Navigate to and open /etc/vcac/catalina.properties.

Navigate to and locate "cipher".

Configure the "cipher" with FIPS 140-2 compliant ciphers.