CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
AlmaLinux OS 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH client connections.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...Rule Medium Severity -
SRG-OS-000250-GPOS-00093
Group -
SRG-OS-000250-GPOS-00093
Group -
SRG-OS-000250-GPOS-00093
Group -
AlmaLinux OS 9 SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms.
Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection. AlmaLinux OS 9 incor...Rule Medium Severity -
SRG-OS-000250-GPOS-00093
Group -
SRG-OS-000250-GPOS-00093
Group -
AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
Group -
SRG-OS-000250-GPOS-00093
Group -
AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...Rule High Severity -
SRG-OS-000033-GPOS-00014
Group -
AlmaLinux OS 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms.
Overriding the system crypto policy makes the behavior of the Libreswan service violate expectations and makes the system configuration more fragmented.Rule Medium Severity -
SRG-OS-000250-GPOS-00093
Group -
SRG-OS-000250-GPOS-00093
Group -
AlmaLinux OS 9 must implement DOD-approved TLS encryption in the OpenSSL package.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
Group -
AlmaLinux OS 9 must use the TuxCare FIPS repository.
FIPS 140-3 validated packages are available from TuxCare. The TuxCare repositories provide the packages and updates not found in the community repositories. Satisfies: SRG-OS-000033-GPOS-00014, S...Rule High Severity -
SRG-OS-000033-GPOS-00014
Group -
AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages.
FIPS 140-3 validated packages are available from TuxCare. The original community packages must be replaced with the versions that have gone through the CMVP. Satisfies: SRG-OS-000033-GPOS-00014, ...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.