criticalsystemverified ✓
Ensure system-wide crypto policy is not overridden
crypto-policy-not-overridden · RHEL 8 · 1 impl
Description
Individual application crypto settings must not override the system-wide cryptographic policy set by crypto-policies. The policy must be applied consistently across all subsystems.
Rationale
If individual applications override the system-wide crypto policy, they may use weaker algorithms than required. RHEL 8 must be configured so the system-wide policy is enforced for all applications.
Check → Remediate
Checkcommand
update-crypto-policies --show 2>/dev/null
- expected_stdout:
- FIPS
Remediatemanual
- note:
- Review and remove any application-specific crypto policy overrides. Run: update-crypto-policies --set FIPS to apply the FIPS policy. Remove any --set or --set-scope overrides in /etc/crypto-policies/.
Framework references
STIG
V-279932
NIST 800-53
SC-13AC-17
Live verification
rhel8:check
#crypto-policies#fips#cryptography