← Rules Catalog
highsystemverified

Enable FIPS 140-2 mode

fips-mode-enabled · RHEL ≥ 8 · 1 impl

Description

The system must be configured to use FIPS 140-2 validated cryptographic modules for all cryptographic operations.

Rationale

FIPS 140-2 compliance ensures that only validated cryptographic algorithms are used, which is required for processing sensitive government data and meeting federal security requirements.

Check → Remediate

Checkcommand
# STIG-canonical: the kernel FIPS flag. Robust vs hosts lacking the
# fips-mode-setup binary (crypto-policies-scripts not installed).
[ "$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)" = "1" ] || {
  echo "FAIL: /proc/sys/crypto/fips_enabled is not 1"; exit 1; }
echo "OK: FIPS mode enabled"; exit 0
expected_exit:
0
Remediatemanual
note:
Enable FIPS mode using: fips-mode-setup --enable A system reboot is required after enabling FIPS mode. WARNING: Enabling FIPS may break some applications that rely on non-FIPS approved algorithms.

Framework references

STIG

V-281009 / RHEL-10-000500V-258230

NIST 800-53

SC-12SC-13

Live verification

rhel8:checkrhel9:check
#fips#cryptography#compliance#stig