FIPS guidance

Allen Golbig
2020-10-06 15:05:44 -04:00
parent 5be43d7f70
commit d3da0b8d85
2 changed files with 8 additions and 12 deletions


@@ -1,13 +1,11 @@
id: os_ssh_fips_140_ciphers
title: "Limit SSH to FIPS 140 Approved Ciphers"
title: "Limit SSH to FIPS 140 Validated Ciphers"
discussion: |
SSH _MUST_ be configured to limit the ciphers to algorithms that are FIPS 140 approved.
SSH _MUST_ be configured to limit the ciphers to algorithms that are FIPS 140 validated.
FIPS 140-2 is the current standard for approving and validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements.
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meet federal requirements.
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and system data may be compromised.
Operating systems utilizing encryption _MUST_ use FIPS compliant mechanisms for authenticating to cryptographic modules.
Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to cryptographic modules.
NOTE: /etc/ssh/sshd_config will be automatically modified to its original state following any update or major upgrade to the operating system.
check: |
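Review bot: the rewritten FIPS 140-2 sentence in the discussion now ends "utilize authentication that meet federal requirements", which breaks subject-verb agreement. The line it replaces had "meets", and so does the same sentence in os_ssh_fips_140_macs. Suggest restoring "meets" so the two rules carry identical wording.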


@@ -1,13 +1,11 @@
id: os_ssh_fips_140_macs
title: "Limit SSH to FIPS 140 Approved Message Authentication Code Algorithms"
title: "Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms"
discussion: |
SSH _MUST_ be configured to limit the Message Authentication Codes (MACs) to algorithms that are FIPS 140 approved..
SSH _MUST_ be configured to limit the Message Authentication Codes (MACs) to algorithms that are FIPS 140 validated.
FIPS 140-2 is the current standard for approving and validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements.
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements.
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and system data may be compromised.
Operating systems utilizing encryption _MUST_ use FIPS compliant mechanisms for authenticating to cryptographic modules.
Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to cryptographic modules.
NOTE: /etc/ssh/sshd_config will be automatically modified to its original state following any update or major upgrade to the operating system.
check: |
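Review bot: the unchanged sentence beginning "Unapproved mechanisms that are used for authentication" still uses the approved/unapproved wording, while the title and every other sentence in this discussion block now say "validated". A reader cannot tell whether the two terms are meant to be interchangeable. Suggest either rewording that sentence to match (the same applies to the identical line in os_ssh_fips_140_ciphers) or stating in the commit message why it is left as is.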