The HPE 3PAR OS must be configured to initialize its FIPS module to use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-255273 | SRG-OS-000120-GPOS-00061 | HP3P-33-001103 | SV-255273r971535_rule | 2024-08-27 | 2 |
| Description |
|---|
| Unapproved mechanisms used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised. |
| ℹ️ Check |
|---|
| Verify the status of FIPS operation mode: cli% controlsecurity fips status If the output indicates FIPS mode is disabled, this is a finding. If the output shows CIM is disabled, and CIM is an essential service for the mission, this is a finding. If the output shows VASA is disabled, and VASA is an essential service for the mission, this is a finding. If the output shows WSAPI is disabled, and WSAPI is an essential service for the mission, this is a finding. If the output shows any other service status as Disabled, this is a finding. |
| ✔️ Fix |
|---|
| To initialize the FIPS module use: cli% controlsecurity fips enable Warning: Enabling FIPS mode requires restarting all system management interfaces, which will terminate ALL existing connections including this one. When that happens, you must reconnect to continue. Continue enabling FIPS mode (yes/no)? yes After reconnecting, verify FIPS mode with: cli% controlsecurity fips status |