GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents.

Information

File integrity tools often use cryptographic hashes for verifying that file contents have not been altered. These hashes must be FIPS 140-2 approved.

Solution

If using AIDE, edit the configuration and add the 'sha512' option for all monitored files and directories.

If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-9(3), 800-53|SI-7, CAT|III, CCI|CCI-001297, CCI|CCI-001496, Rule-ID|SV-218670r603259_rule, STIG-ID|GEN006575, STIG-Legacy|SV-63653, STIG-Legacy|V-22509, Vuln-ID|V-218670

Plugin: Unix

Control ID: 831b8234d568204698f2dcd6f06dd03bb10400f623d70b10d6505754156110f3