System Cryptographic Policies

An XCCDF Group

Details
Profiles
Prose

Description

Linux has the capability to centrally configure cryptographic polices. The command update-crypto-policies is used to set the policy applicable for the various cryptographic back-ends, such as SSL/TLS libraries. The configured cryptographic policies will be the default policy used by these backends unless the application user configures them otherwise. When the system has been configured to use the centralized cryptographic policies, the administrator is assured that any application that utilizes the supported backends will follow a policy that adheres to the configured profile. Currently the supported backends are:

GnuTLS library
OpenSSL library
NSS library
OpenJDK
Libkrb5
BIND
OpenSSH

Applications and languages which rely on any of these backends will follow the system policies as well. Examples are apache httpd, nginx, php, and others.

ID: xccdf_org.ssgproject.content_group_crypto
Child Items: 12
Updated: about 1 year ago