The Photon operating system must configure sshd to use approved encryption algorithms.
DISA Rule
SV-239081r675051_rule
Vulnerability Number
V-239081
Group Title
SRG-OS-000033-GPOS-00014
Rule Version
PHTN-67-000009
Severity
CAT I
CCI(s)
- CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.
- CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.
- CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
- CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
- CCI-002890 - The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
Weight
10
Fix Recommendation
Open /etc/ssh/sshd_config with a text editor.
Ensure that the "FipsMode" line is uncommented and set to the following:
FipsMode yes
At the command line, execute the following command:
# service sshd reload
Check Contents
At the command line, execute the following command:
# sshd -T|&grep -i FipsMode
Expected result:
FipsMode yes
If the output does not match the expected result, this is a finding.
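The check above as a scriptable test (an added example, not part of the STIG text). The function names and sample inputs are constructed for illustration. Keywords are compared case-insensitively, as the rule's own "grep -i" does, and a missing keyword or an sshd error counts as a finding.

```shell
#!/bin/sh
# Added example: evaluate the FipsMode check against `sshd -T` output.
# Live use on a host:  sshd -T 2>&1 | fipsmode_status

# Print the effective FipsMode value from `sshd -T` output on stdin,
# lower-cased; prints an empty line when the keyword is absent.
fipsmode_effective() {
    awk 'tolower($1) == "fipsmode" { v = tolower($2) } END { print v }'
}

# Print "not a finding" only when the effective value is exactly "yes".
fipsmode_status() {
    value=$(fipsmode_effective)
    if [ "$value" = "yes" ]; then
        echo "not a finding"
    else
        echo "finding"
    fi
}

# Print the first uncommented FipsMode line from sshd_config text on stdin.
# Lines such as "#FipsMode yes" or "# FipsMode yes" are comments and are skipped.
fipsmode_config_line() {
    awk 'tolower($1) == "fipsmode" { print $1, $2; exit }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OK='port 22
fipsmode yes
permitrootlogin no'
SAMPLE_OFF='port 22
fipsmode no'
SAMPLE_MISSING='port 22
permitrootlogin no'
SAMPLE_CONFIG='# FipsMode no
#FipsMode yes
FipsMode yes'

printf '%s\n' "$SAMPLE_OK"      | fipsmode_status       # compliant output
printf '%s\n' "$SAMPLE_OFF"     | fipsmode_status       # explicitly disabled
printf '%s\n' "$SAMPLE_MISSING" | fipsmode_status       # keyword absent
printf '%s\n' "$SAMPLE_CONFIG"  | fipsmode_config_line  # config file view
```
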
Documentable
False
Check Content Reference
M
Target Key
5323
Comments