STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide

V-240065

CAT II (Medium)

HAProxy must be configured to use only FIPS 140-2 approved ciphers.

Rule ID

SV-240065r879616_rule

STIG

VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000803

Discussion

Use of cryptography to provide confidentiality and non-repudiation is not effective unless strong methods are employed with its use. Many earlier encryption methods and modules have been broken and/or overtaken by increasing computing power. The NIST FIPS 140-2 cryptographic standards provide proven methods and strengths to employ cryptography effectively.

Check Content

At the command prompt, execute the following command:

grep -E 'bind.*ssl' /etc/haproxy/conf.d/30-vro-config.cfg /etc/haproxy/conf.d/20-vcac.cfg

If the return value for SSL cipher list is not set to "FIPS: +3DES:!aNULL", this is a finding.

Fix Text

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg 
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to the frontend section in each file.

Configure the bind keyword file with this cipher list: 

'FIPS: +3DES:!aNULL'