Amazon Linux 2023 must enable FIPS mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-274057 | AZLX-23-001280 | SV-274057r1120159_rule | CCI-000068 | high |
| Description | ||||
| Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Amazon Linux 2023 must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223 | ||||
| STIG | Date | |||
| Amazon Linux 2023 Security Technical Implementation Guide | 2026-02-27 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-17(2)
1.00
- DISA · V1R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.13
1.00
- DISA · V1R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000068
1.00
- DISA · V1R3 · disa_xccdf · related
Details
Check Text (C-274057r1120159_chk)
Verify Amazon Linux 2023 is in FIPS mode with the following command:
$ sudo fips-mode-setup --check
FIPS mode is enabled.
If FIPS mode is not enabled, this is a finding.
Fix Text (F-78053r1120158_fix)
Configure Amazon Linux 2023 to implement FIPS mode with the following commands:
$ sudo fips-mode-setup --enable
Reboot the system for the changes to take effect.