Rule ID
SV-281009r1184724_rule
Version
V1R1
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government because this provides assurance they have been tested and validated. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223
Verify RHEL 10 is in FIPS mode with the following command: $ cat /proc/sys/crypto/fips_enabled 1 If the command does not return "1", this is a finding.
Configure RHEL 10 to implement FIPS mode. If this check fails on an installed system, it is a permanent finding until the system is reinstalled with "fips=1" during installation. Red Hat 10 does not support switching to strict FIPS mode after installation.