SRG-OS-000033-GPOS-00014 Controls

STIG IDVersionTitleProduct
RHEL-08-010020V1R6RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
RHEL-08-040161V1R6RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.
SLES-15-010160V1R4The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.
WN19-CC-000370V3R1Windows Server 2019 Remote Desktop Services must require secure Remote Procedure Call (RPC) communications.
WN19-CC-000380V3R1Windows Server 2019 Remote Desktop Services must be configured with the client connection encryption set to High Level.
UBTU-18-010411V2R12The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
APPL-14-000054V1R1The macOS system must limit SSHD to FIPS-compliant connections.
APPL-14-000057V1R1The macOS system must limit SSH to FIPS-compliant connections.
APPL-13-000054V1R5The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.
APPL-13-000055V1R5The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.
APPL-13-000056V1R5The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.
APPL-13-000057V1R5The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.
APPL-13-000058V1R5The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.
APPL-13-000059V1R5The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.
OL07-00-021350V3R1The Oracle Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
OL07-00-040110V3R1The Oracle Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.
OL07-00-040712V3R1The Oracle Linux operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
RHEL-07-021350V3R6The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
RHEL-07-040110V3R6The Red Hat Enterprise Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.
SLES-12-030170V3R1The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.
APPL-15-000054V1R1The macOS system must limit SSHD to FIPS-compliant connections.
APPL-15-000057V1R1The macOS system must limit SSH to FIPS-compliant connections.
ALMA-09-003650V1R1AlmaLinux OS 9 must force a frequent session key renegotiation for SSH connections to the server.
ALMA-09-003870V1R1AlmaLinux OS 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms.
ALMA-09-004310V1R1AlmaLinux OS 9 must use the TuxCare FIPS repository.
ALMA-09-004320V1R1AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages.
ALMA-09-004420V1R1AlmaLinux OS 9 must enable FIPS mode.
OL08-00-010020V1R6OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
OL08-00-040161V1R6OL 8 must force a frequent session key renegotiation for SSH connections to the server.
OL09-00-000070V1R1OL 9 must enable FIPS mode.
OL09-00-002404V1R1OL 9 IP tunnels must use 140-3 approved cryptographic algorithms.
UBTU-24-100820V1R1Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100840V1R1Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms.
UBTU-22-255050V1R1Ubuntu 22.04 LTS must configure the SSH daemon to use FIPS 140-3-approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-22-255060V1R1Ubuntu 22.04 LTS SSH server must be configured to use only FIPS-validated key exchange algorithms.
WN11-CC-000290V1R6Remote Desktop Services must be configured with the client connection encryption set to the required level.
RHEL-09-671010V2R5RHEL 9 must enable FIPS mode.
RHEL-09-671020V2R5RHEL 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms.
WN10-CC-000290V3R1Remote Desktop Services must be configured with the client connection encryption set to the required level.
WN16-SO-000430V2R9Windows Server 2016 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing.
WN22-CC-000370V2R5Windows Server 2022 Remote Desktop Services must require secure Remote Procedure Call (RPC) communications.
WN22-CC-000380V2R5Windows Server 2022 Remote Desktop Services must be configured with the client connection encryption set to High Level.