STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

V-269126

CAT I (High)

AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages.

Rule ID

SV-269126r1107617_rule

STIG

Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-000068CCI-002450CCI-000877

Discussion

FIPS 140-3-validated packages are available from TuxCare here: https://tuxcare.com/fips-for-almalinux/ The original community packages must be replaced with the versions that have gone through the CMVP. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176, SRG-OS-000125-GPOS-00065

Check Content

Verify that AlmaLinux OS 9 is using the TuxCare FIPS packages with the following command:

$ rpm -qa | grep -E '^(gnutls|nettle|nss|openssl|libgcrypt|kernel)-[0-9]+' | grep -v tuxcare

If the command returns anything, this is a finding.

Fix Text

Ensure FIPS-validated packages are in use instead of OS defaults using the following commands:

$ dnf -y upgrade
$ reboot

After rebooting into a FIPS kernel, remove the OS default kernel packages, using for example:

$ dnf remove kernel-5.14.0-284.11.1.el9_2.x86_64 kernel-5.14.0-284.30.1.el9_2.x86_64
$ dnf autoremove