STIGQter STIGQter: STIG Summary: Canonical Ubuntu 16.04 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020: All persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.

DISA Rule

SV-90189r1_rule

Vulnerability Number

V-75509

Group Title

SRG-OS-000185-GPOS-00079

Rule Version

UBTU-16-010400

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to prevent unauthorized modification of all information at rest by using disk encryption.

Encrypting a partition in an already-installed system is more difficult, because you need to resize and change existing partitions. To encrypt an entire partition, dedicate a partition for encryption in the partition layout.

Check Contents

Verify the Ubuntu operating system prevents unauthorized disclosure or modification of all information requiring at rest protection by using disk encryption.

If there is a documented and approved reason for not having data-at-rest encryption, this requirement is Not Applicable.

Determine the partition layout for the system with the following command:

# fdisk –l

Verify that the system partitions are all encrypted with the following command:

# more /etc/crypttab

Every persistent disk partition present must have an entry in the file. If any partitions other than pseudo file systems (such as /proc or /sys) are not listed, this is a finding.

Vulnerability Number

V-75509

Documentable

False

Rule Version

UBTU-16-010400

Severity Override Guidance

Verify the Ubuntu operating system prevents unauthorized disclosure or modification of all information requiring at rest protection by using disk encryption.

If there is a documented and approved reason for not having data-at-rest encryption, this requirement is Not Applicable.

Determine the partition layout for the system with the following command:

# fdisk –l

Verify that the system partitions are all encrypted with the following command:

# more /etc/crypttab

Every persistent disk partition present must have an entry in the file. If any partitions other than pseudo file systems (such as /proc or /sys) are not listed, this is a finding.

Check Content Reference

M

Target Key

3075

Comments