RHEL 10 must enable FIPS mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-281009 | RHEL-10-000500 | SV-281009r1184724_rule | CCI-000068 | high |
| Description | ||||
| Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government because this provides assurance they have been tested and validated. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223 | ||||
| STIG | Date | |||
| Red Hat Enterprise Linux 10 Security Technical Implementation Guide | 2026-03-11 | |||
Details
Check Text (C-281009r1184724_chk)
Verify RHEL 10 is in FIPS mode with the following command:
$ cat /proc/sys/crypto/fips_enabled
1
If the command does not return "1", this is a finding.
Fix Text (F-85475r1184723_fix)
Configure RHEL 10 to implement FIPS mode.
If this check fails on an installed system, it is a permanent finding until the system is reinstalled with "fips=1" during installation.
Red Hat 10 does not support switching to strict FIPS mode after installation.