TOSS 5 must implement a systemwide encryption policy.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-282603 | SRG-OS-000396-GPOS-00176 | TOSS-05-000475 | SV-282603r1200789_rule | 2026-04-01 | 1 |
Description
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data.
ℹ️ Check
Verify the TOSS 5 cryptography policy has been configured correctly with the following commands:
$ sudo update-crypto-policies --show
FIPS:OSPP
If the cryptography base profile is not set to "FIPS" and is not applied, this is a finding.
$ sudo update-crypto-policies --check
The configured policy matches the generated policy
If the command does not return "The configured policy matches the generated policy", this is a finding.
✔️ Fix
Configure TOSS 5 to implement FIPS mode with the following command:
$ sudo update-crypto-policies --set FIPS:OSPP
Reboot the system for the changes to take effect.