← Back to Red Hat Enterprise Linux 9 Security Technical Implementation Guide

V-258230

CAT I (High)

RHEL 9 must enable FIPS mode.

Rule ID

SV-258230r1184334_rule

STIG

Red Hat Enterprise Linux 9 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-000068 CCI-000877 CCI-002418 CCI-002450

Discussion

Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government because this provides assurance they have been tested and validated. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223

Check Content

Verify RHEL 9 is in FIPS mode with the following command:

$ cat /proc/sys/crypto/fips_enabled
1

If the command does not return "1", this is a finding.

Fix Text

Configure RHEL 9 to implement FIPS mode.

If this check fails on an installed system, it is a permanent finding until the system is reinstalled with "fips=1" during installation.