highsystemverified ✓
Enable FIPS 140-2 mode
fips-mode-enabled · RHEL ≥ 8 · 1 impl
Description
The system must be configured to use FIPS 140-2 validated cryptographic modules for all cryptographic operations.
Rationale
FIPS 140-2 compliance ensures that only validated cryptographic algorithms are used, which is required for processing sensitive government data and meeting federal security requirements.
Check → Remediate
Checkcommand
# STIG-canonical: the kernel FIPS flag. Robust vs hosts lacking the
# fips-mode-setup binary (crypto-policies-scripts not installed).
[ "$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)" = "1" ] || {
echo "FAIL: /proc/sys/crypto/fips_enabled is not 1"; exit 1; }
echo "OK: FIPS mode enabled"; exit 0
- expected_exit:
- 0
Remediatemanual
- note:
- Enable FIPS mode using: fips-mode-setup --enable A system reboot is required after enabling FIPS mode. WARNING: Enabling FIPS may break some applications that rely on non-FIPS approved algorithms.
Framework references
STIG
V-281009 / RHEL-10-000500V-258230
NIST 800-53
SC-12SC-13
Live verification
rhel8:checkrhel9:check
#fips#cryptography#compliance#stig