STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

FIPS 140-2 mode must be enabled on the SUSE operating system.

DISA Rule

SV-217143r603262_rule

Vulnerability Number

V-217143

Group Title

SRG-OS-000478-GPOS-00223

Rule Version

SLES-12-010420

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To configure the SUSE operating system to run in FIPS mode, add "fips=1" to the kernel parameter during the SUSE operating system install.

Enabling FIPS mode on a preexisting system involves a number of modifications to the SUSE operating system. Refer to section 9.1, "Crypto Officer Guidance", of the following document for installation guidance:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2435.pdf

Check Contents

Verify the SUSE operating system is running in FIPS mode by running the following command.

# cat /proc/sys/crypto/fips_enabled

1

If nothing is returned, the file does not exist, or the value returned is "0", this is a finding.

Vulnerability Number

V-217143

Documentable

False

Rule Version

SLES-12-010420

Severity Override Guidance

Verify the SUSE operating system is running in FIPS mode by running the following command.

# cat /proc/sys/crypto/fips_enabled

1

If nothing is returned, the file does not exist, or the value returned is "0", this is a finding.

Check Content Reference

M

Target Key

4033

Comments