STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282461

CAT II (Medium)

The TOSS 5 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-3-approved cryptographic hashing algorithm for system authentication.

Rule ID

SV-282461r1200363_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-004062

Discussion

Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and; therefore, cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised. TOSS 5 systems using encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules. FIPS 140-3 is the current standard for validating that mechanisms used to access cryptographic modules use authentication that meets DOD requirements. This allows for Security Levels 1, 2, 3, or 4 for use on a general-purpose computing system.

Check Content

Verify the pam_unix.so module is configured to use sha512 in /etc/pam.d/password-auth using the following command:

$ grep "^password.*pam_unix.so.*sha512" /etc/pam.d/password-auth

password sufficient pam_unix.so sha512

If "sha512" is missing, or the line is commented out, this is a finding.

Fix Text

Configure TOSS 5 to use a FIPS 140-3-approved cryptographic hashing algorithm for system authentication.

Edit or modify the following line in the "/etc/pam.d/password-auth" file to include the sha512 option for pam_unix.so:

password sufficient pam_unix.so sha512