The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures.

An XCCDF Rule

Description

<VulnDiscussion>FIPS 140-2 is the current standard for validating cryptographic modules, and NSA Type-X (where X=1, 2, 3, 4) products are NSA-certified hardware based encryption modules.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-220003r987791_rule
Severity: Medium
References: CCI-002450
Updated: 17 days ago

The Crypto Management profile is required to execute this command.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

Enable FIPS-140 mode.

# pfexec cryptoadm enable fips-140

Reboot the system as requested.

The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures.

Description

Remediation - Manual Procedure