STIGQter STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The Cassandra Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

SV-87295r1_rule

Vulnerability Number

V-72663

Group Title

SRG-APP-000179-DB-000114

Rule Version

VROM-CS-002055

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the Cassandra Server to use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

To enable the FIPS mode of operation, complete the following steps:

Replace the mod_ssl.so with the following command:
cd /usr/lib64/apache2-prefork/
cp mod_ssl.so mod_ssl.so.old
cp mod_ssl.so.FIPSON.openssl1.0.2 mod_ssl.so

Modify your Apache2 configuration by editing the /etc/apache2/ssl-global.conf file.

Search for the <IfModule mod_ssl.c> line and add the SSLFIPS on directive below it.

Reset the Apache configuration with the service apache2 restart command.

Check Contents

Review the Cassandra Server configuration to ensure NIST FIPS 140-2 validated cryptographic modules are used for cryptographic operations.

Review the Apache2 configuration by opening the /etc/apache2/ssl-global.conf file.

Search for the <IfModule mod_ssl.c> line and ensure the SSLFIPS directive is below it. If the SSLFIPS directive is not under the <IfModule mod_ssl.c> line, this is a finding.

Vulnerability Number

V-72663

Documentable

False

Rule Version

VROM-CS-002055

Severity Override Guidance

Review the Cassandra Server configuration to ensure NIST FIPS 140-2 validated cryptographic modules are used for cryptographic operations.

Review the Apache2 configuration by opening the /etc/apache2/ssl-global.conf file.

Search for the <IfModule mod_ssl.c> line and ensure the SSLFIPS directive is below it. If the SSLFIPS directive is not under the <IfModule mod_ssl.c> line, this is a finding.

Check Content Reference

M

Target Key

3179

Comments