GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents - config

Information

File integrity tools often use cryptographic hashes for verifying that file contents have not been altered. These hashes must be FIPS 140-2 approved.

Solution

If using AIDE, edit the configuration and add the sha256 or sha512 option for all monitored files and directories.

If using a different file integrity tool, configure FIPS 140-2 approved cryptographic hashes per the tool's documentation.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(3), CAT|III, CCI|CCI-001496, Rule-ID|SV-227955r603266_rule, STIG-ID|GEN006575, STIG-Legacy|SV-26861, STIG-Legacy|V-22509, Vuln-ID|V-227955

Plugin: Unix

Control ID: ec46f6b60ff0b5b4b576f18bd332676ca45cb562425224f8b88f0988ecda32aa