GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents - config

Information

File integrity tools often use cryptographic hashes for verifying that file contents have not been altered. These hashes must be FIPS 140-2 approved.

Solution

If using AIDE, edit the configuration and add the sha256 or sha512 option for all monitored files and directories.

If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(3), CAT|III, CCI|CCI-001496, Rule-ID|SV-227047r603265_rule, STIG-ID|GEN006575, STIG-Legacy|SV-26861, STIG-Legacy|V-22509, Vuln-ID|V-227047

Plugin: Unix

Control ID: 2cca90e8c25e9dcda8c79c1e4a81da4307b098259a568f5a0c76d9440137dafd