Encrypt Partitions

An XCCDF Rule

Description

SUSE Linux Enterprise 12 natively supports partition encryption through the Linux Unified Key Setup-on-disk-format (LUKS) technology. The easiest way to encrypt a partition is during installation time.

For manual installations, select the Encrypt checkbox during partition creation to encrypt the partition. When this option is selected the system will prompt for a passphrase to use in decrypting the partition. The passphrase will subsequently need to be entered manually every time the system boots.

Detailed information on encrypting partitions using LUKS or LUKS ciphers can be found on the SUSE Linux Enterprise 12 Documentation web site:
https://www.suse.com/documentation/sled-12/book_security/data/sec_security_cryptofs_y2.html .

Rationale

The risk of a system's physical compromise, particularly mobile systems such as laptops, places its data at risk of compromise. Encrypting this data mitigates the risk of its loss if the system is lost.

ID: xccdf_org.ssgproject.content_rule_encrypt_partitions
Severity: High
References: 13 14

APO01.06 BAI02.01 BAI06.01 DSS04.07 DSS05.03 DSS05.04 DSS05.07 DSS06.02 DSS06.06

3.13.16

CCI-001199 CCI-002475 CCI-002476

164.308(a)(1)(ii)(D) 164.308(b)(1) 164.310(d) 164.312(a)(1) 164.312(a)(2)(iii) 164.312(a)(2)(iv) 164.312(b) 164.312(c) 164.312(d) 164.314(b)(2)(i)

SR 3.4 SR 4.1 SR 5.2

A.10.1.1 A.11.1.4 A.11.1.5 A.11.2.1 A.13.1.1 A.13.1.3 A.13.2.1 A.13.2.3 A.13.2.4 A.14.1.2 A.14.1.3 A.6.1.2 A.7.1.1 A.7.1.2 A.7.3.1 A.8.2.2 A.8.2.3 A.9.1.1 A.9.1.2 A.9.2.3 A.9.4.1 A.9.4.4 A.9.4.5

CIP-003-8 R4.2 CIP-007-3 R5.1

SC-28 SC-28.1

PR.DS-1 PR.DS-5

SRG-OS-000185-GPOS-00079 SRG-OS-000404-GPOS-00183 SRG-OS-000405-GPOS-00184

SLES-12-010450

CCE-83046-3

SV-217146r854086_rule
Updated: about 1 year ago