Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-258806 | PHTN-40-000013 | SV-258806r933479_rule | High |
| Description |
|---|
| Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. OpenSSH on the Photon operating system when configured appropriately can utilize a FIPS validated OpenSSL for cryptographic operations. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000423-GPOS-00187, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190 |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide | 2023-10-29 |
Details
| Check Text ( C-62546r933477_chk ) |
|---|
| At the command line, run the following command to verify the OpenSSL FIPS provider is installed: # rpm -qa | grep openssl-fips Example result: openssl-fips-provider-3.0.3-1.ph4.x86_64 If there is no output indicating that the OpenSSL FIPS provider is installed, this is a finding. |
| Fix Text (F-62455r933478_fix) |
|---|
| At the command line, run the following command: # tdnf install openssl-fips-provider |