The vCenter VAMI service must enable FIPS mode.

An XCCDF Rule

Description

<VulnDiscussion>Encryption is only as good as the encryption modules used. Unapproved cryptographic module algorithms cannot be verified and cannot be relied on to provide confidentiality or integrity, and DOD data may be compromised due to weak algorithms. FIPS 140-2 is the current standard for validating cryptographic modules. Satisfies: SRG-APP-000179-WSR-000111, SRG-APP-000014-WSR-000006, SRG-APP-000416-WSR-000118, SRG-APP-000439-WSR-000188</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259148r935348_rule
Severity: High
References: CCI-000068 CCI-000803 CCI-002418 CCI-002450
Updated: 8 months ago

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf  

Add or reconfigure the following value:
server.fips-mode = "enable"

Restart the service with the following command:

# vmon-cli --restart applmgmt

The vCenter VAMI service must enable FIPS mode.

Description

Remediation - Manual Procedure