TOSS 5 must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
mediumV-282771SRG-OS-000780-GPOS-00240TOSS-05-000081SV-282771r1201293_rule2026-04-011

Description

A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.

ℹ️ Check

Verify TOSS 5 is using the TPM 2.0 hardware with the following command (if TPM 2.0 hardware is available): $sudo tpm2_pcrread <multiple SHA keys> If the command returns a status of "ERROR", and TPM 2.0 hardware is available, this is a finding.

✔️ Fix

Configure TOSS 5 to provide protected storage for cryptographic keys by enabling TPM hardware, if available.