Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-77813

RHEL8 DISA STIG crypto via sub-policy

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-8.10
    • scap-security-guide
    • None
    • rhel-security-compliance
    • ssg_security
    • 4
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • All
    • None

      What feature are you requesting?

      Requesting a STIG sub-policy for "update-crypto-polices" and an update to the scap-security-guidelines to utilize it when implementing the sub-policy.

      What is the impact of this issue to you?

      when enabling FIPS after a system has had the DISA STIG applied, FIPS overwrites certain changes made by FIPS. there is already an OSPP sub-policy.

      How reproducible is this bug?:

      Steps to reproduce

      1. Have a system with the DISA STIG applied.
      2. Disable FIPS, and then re-enable it.
      3.  

      Expected results

      STIG ciphers remain in place.

      Actual results

      STIG ciphers get replaced with FIPS. DISA STIG removes certain ciphers that FIPS allows.

              vpolasek@redhat.com Vojtech Polasek
              rhn-support-mralph Mike Ralph
              Vojtech Polasek Vojtech Polasek
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: