RHEL 9 must enable FIPS mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-258230 | RHEL-09-671010 | SV-258230r1184334_rule | CCI-000068 | high |
| Description | ||||
| Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government because this provides assurance they have been tested and validated. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223 | ||||
| STIG | Date | |||
| Red Hat Enterprise Linux 9 Security Technical Implementation Guide | 2026-02-05 | |||
Details
Check Text (C-258230r1184334_chk)
Verify RHEL 9 is in FIPS mode with the following command:
$ cat /proc/sys/crypto/fips_enabled
1
If the command does not return "1", this is a finding.
Fix Text (F-61895r1184333_fix)
Configure RHEL 9 to implement FIPS mode.
If this check fails on an installed system, it is a permanent finding until the system is reinstalled with "fips=1" during installation.