STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 SPARC Security Technical Implementation Guide

V-216333

CAT II (Medium)

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.

Rule ID

SV-216333r1016276_rule

STIG

Solaris 11 SPARC Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-004062CCI-000196

Discussion

Cryptographic hashes provide quick password authentication while not actually storing the password.

Check Content

Determine which cryptographic algorithms are configured.

# grep ^CRYPT /etc/security/policy.conf

If the command output does not include the lines, this is a finding.

CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

Fix Text

The root role is required.

Configure the system to disallow the use of UNIX encryption and enable SHA256 as the default encryption hash.

# pfedit /etc/security/policy.conf

Check that the following lines exist and are not commented out:
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6