FIPS mode must be enabled.

An XCCDF Rule

Description

<VulnDiscussion>During any user authentication, MKE must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. FIPS mode enforces the use of cryptographic algorithms and modules. This ensures a higher level of cryptographic security, reducing the risk of vulnerabilities related to cryptographic functions. FIPS-compliant cryptographic modules are designed to provide strong protection for sensitive data. Enabling FIPS mode helps safeguard cryptographic operations, securing data both at rest and in transit within containerized applications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-260908r966081_rule
Severity: High
References: CCI-000197 CCI-000803 CCI-001184 CCI-002418 CCI-002420 CCI-002422 CCI-002450 CCI-002890 CCI-003123
Updated: 19 days ago

If the operating system has FIPS enabled, FIPS mode is enabled by default in MCR. The preferred method is to ensure FIPS mode is set on the operating system prior to installation.

If a change is required on a deployed system, create the directory if it does not exist by executing the following: 

mkdir -p /etc/systemd/system/docker.service.d/
Create a file called /etc/systemd/system/docker.service.d/fips-module.conf and add the following:

[Service]
Environment="DOCKER_FIPS=1"

Reload the Docker configuration to systemd by executing the following: 

sudo systemctl daemon-reload

Restart the Docker service by executing the following:

sudo systemctl restart docker

FIPS mode must be enabled.

Description

Remediation - Manual Procedure