AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Information

Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.

Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058, SRG-OS-000396-GPOS-00176

Solution

To ensure that 'Protocol 2' is used by sshd, run the following command:

/usr/bin/sudo /usr/bin/sed -i.bak 's/.*Protocol.*/Protocol 2/' /etc/ssh/sshd_config

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-13_V2R5_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-2(8), 800-53|IA-2(9), 800-53|SC-13, CAT|II, CCI|CCI-001941, CCI|CCI-001942, CCI|CCI-002450, Rule-ID|SV-214878r609363_rule, STIG-ID|AOSX-13-000570, STIG-Legacy|SV-96349, STIG-Legacy|V-81635, Vuln-ID|V-214878

Plugin: Unix

Control ID: 5ff70990b7a23ae32acaeb8ea175838342d0acf9b53131dc3b18e165191d38b2