RHEL 9 must enable FIPS mode.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-258230 | SRG-OS-000033-GPOS-00014 | RHEL-09-671010 | SV-258230r1184334_rule | 2026-02-05 | 2 |
Description
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government because this provides assurance they have been tested and validated.
Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223
ℹ️ Check
Verify RHEL 9 is in FIPS mode with the following command:
$ cat /proc/sys/crypto/fips_enabled
1
If the command does not return "1", this is a finding.
✔️ Fix
Configure RHEL 9 to implement FIPS mode.
If this check fails on an installed system, it is a permanent finding until the system is reinstalled with "fips=1" during installation.