← Rules Catalog
highsystemverified rollback-safe

Disable weak cryptographic algorithms

crypto-policy-no-weak · RHEL ≥ 8 · 1 impl

Description

The system must not allow the use of weak cryptographic algorithms such as DES, 3DES, RC4, or MD5 for cryptographic operations.

Rationale

Weak cryptographic algorithms can be broken with modern computing power, compromising the confidentiality and integrity of encrypted data. Only strong algorithms should be permitted.

Check → Remediate

Checkcommand
update-crypto-policies --show | grep -qvE 'LEGACY|DEFAULT:.*weak'
expected_exit:
0
Remediatecrypto_policy_set
policy:
DEFAULT

Framework references

CIS

rhel9 1.6.1rhel8 1.6.1rhel10 1.6.1

STIG

V-257995

NIST 800-53

SC-12SC-13

Live verification

rhel10:checkrhel8:checkrhel9:check
#crypto-policy#cryptography#weak-algorithms#stig