AlmaLinux OS 9 must implement a systemwide encryption policy.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269418	SRG-OS-000394-GPOS-00174	ALMA-09-040060	SV-269418r1050301_rule	2025-02-20	1

Description
Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. Satisfies: SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176

ℹ️ Check
Verify that the AlmaLinux OS 9 cryptography policy has been configured correctly with the following commands: $ update-crypto-policies --show FIPS If the cryptography is not set to "FIPS" and is not applied, this is a finding. $ update-crypto-policies --check The configured policy matches the generated policy. If the command does not return "The configured policy matches the generated policy", this is a finding.

ℹ️ Check

Verify that the AlmaLinux OS 9 cryptography policy has been configured correctly with the following commands: $ update-crypto-policies --show FIPS If the cryptography is not set to "FIPS" and is not applied, this is a finding. $ update-crypto-policies --check The configured policy matches the generated policy. If the command does not return "The configured policy matches the generated policy", this is a finding.

✔️ Fix
Configure the operating system to implement FIPS mode with the following command: $ fips-mode-setup --enable Reboot the system for the changes to take effect.