FIPS 140-2/140-3 mode must be enabled on SLEM 5.
An XCCDF Rule
Description
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. SLEM 5 must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
- ID: SV-261473r996824_rule
- Severity: High
Remediation - Manual Procedure
To configure SLEM 5 to run in FIPS mode, add "fips=1" to the kernel parameters during SLEM 5 installation.
Enabling FIPS mode on a preexisting system involves a number of modifications to SLEM 5. Refer to section 9.1, "Crypto Officer Guidance", of the following document for installation guidance:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2435.pdf
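To confirm the outcome of the procedure above, the following added example (not part of the STIG rule or the vendor guidance) checks both that "fips=1" was passed as a whole kernel parameter and that the running kernel reports FIPS mode as enabled. The paths /proc/cmdline and /proc/sys/crypto/fips_enabled are standard Linux kernel interfaces that this page does not name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: FIPS mode verification for a Linux host such as SLEM 5.
# File paths are parameters so the logic can be run on constructed files.

# cmdline_fips_value FILE
# Prints the value of the "fips=" kernel parameter, or nothing if absent.
# Only whole whitespace-separated tokens are matched, so "nofips=1" is not
# mistaken for "fips=1". If the parameter is repeated, the last one is shown.
cmdline_fips_value() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^fips=/) v = substr($i, 6) }
         END { print v }' "$1"
}

# fips_runtime_state FILE
# Prints the kernel's runtime FIPS flag ("1" or "0"), or "missing" when the
# file does not exist (kernel built or booted without the FIPS interface).
fips_runtime_state() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'missing'
    fi
}

# check_fips [CMDLINE_FILE] [FIPS_ENABLED_FILE]
# Returns 0 only when the boot parameter and the runtime flag both say 1.
# A boot parameter without the runtime flag means the kernel did not enter
# FIPS mode; a runtime flag without the parameter is reported as a mismatch.
check_fips() {
    boot=$(cmdline_fips_value "${1:-/proc/cmdline}")
    run=$(fips_runtime_state "${2:-/proc/sys/crypto/fips_enabled}")
    if [ "$boot" = "1" ] && [ "$run" = "1" ]; then
        echo "PASS: fips=1 on kernel command line, fips_enabled=1"
        return 0
    fi
    echo "FAIL: cmdline fips='${boot:-unset}', fips_enabled='$run'"
    return 1
}
```

Calling `check_fips` with no arguments evaluates the live system; a FAIL result on a host that was remediated after installation usually means the boot configuration change has not yet taken effect or was not persisted.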