SRG-OS-000120-GPOS-00061 Controls

STIG IDVersionTitleProduct
RHEL-08-010160V1R6The RHEL 8 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
RHEL-08-010161V1R6RHEL 8 must prevent system daemons from using Kerberos for authentication.
RHEL-08-010162V1R6The krb5-workstation package must not be installed on RHEL 8.
RHEL-08-010163V1R6The krb5-server package must not be installed on RHEL 8.
RHEL-08-010159V1R6The RHEL 8 pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
SLES-15-010250V1R4The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (system-auth).
SLES-15-010260V1R4The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).
WN19-SO-000290V3R1Windows Server 2019 Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.
UBTU-18-010110V2R12The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords.
UBTU-20-010404V1R6The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
SLES-12-010210V3R1The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).
ALMA-09-039290V1R1AlmaLinux OS 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
ALMA-09-039400V1R1AlmaLinux OS 9 must prevent system daemons from using Kerberos for authentication.
ALMA-09-039510V1R1The libreswan package must be installed.
ALMA-09-039620V1R1AlmaLinux OS 9 must have the packages required for encrypting offloaded audit logs installed.
OL08-00-010159V1R6The OL 8 "pam_unix.so" module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
OL08-00-010160V1R6The OL 8 "pam_unix.so" module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
OL08-00-010161V1R6OL 8 must prevent system daemons from using Kerberos for authentication.
OL08-00-010162V1R6The krb5-workstation package must not be installed on OL 8.
OL08-00-010163V1R6The krb5-server package must not be installed on OL 8.
OL09-00-000355V1R1OL 9 must have the packages required for encrypting offloaded audit logs installed.
OL09-00-000410V1R1OL 9 must have the libreswan package installed.
OL09-00-002424V1R1OL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
OL09-00-002429V1R1OL 9 must prevent system daemons from using Kerberos for authentication.
UBTU-24-400400V1R1Ubuntu 24.04 LTS must encrypt all stored passwords with a FIPS 140-3 approved cryptographic hashing algorithm.
UBTU-22-611070V1R1Ubuntu 22.04 LTS must encrypt all stored passwords with a FIPS 140-3-approved cryptographic hashing algorithm.
WN11-CC-000052V1R6Windows 11 must be configured to prioritize ECC Curves with longer key lengths first.
WN11-SO-000190V1R6Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.
RHEL-09-611205V1R1RHEL 9 must prevent system daemons from using Kerberos for authentication.
RHEL-09-672025V1R1RHEL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
WN10-CC-000052V3R1Windows 10 must be configured to prioritize ECC Curves with longer key lengths first.
WN10-SO-000190V3R1Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.
WN16-SO-000350V2R9Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.
WN22-SO-000290V2R5Windows Server 2022 Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.