The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.

Severity: high
Group ID: V-258806
Group Title: SRG-OS-000033-GPOS-00014
Version: PHTN-40-000013
Rule ID: SV-258806r958408_rule
Date: 2024-07-11
STIG Version: 2

Description
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. OpenSSH on the Photon operating system, when configured appropriately, can use a FIPS-validated OpenSSL for cryptographic operations.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000423-GPOS-00187, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190

ℹ️ Check
At the command line, run the following command to verify the OpenSSL FIPS provider is installed:

# rpm -qa | grep openssl-fips

Example result:

openssl-fips-provider-3.0.3-1.ph4.x86_64

If there is no output indicating that the OpenSSL FIPS provider is installed, this is a finding.

✔️ Fix
At the command line, run the following command:

# tdnf install openssl-fips-provider
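
The Check above can be scripted for repeatable audits. The following is an added example, not part of the STIG text: it reads `rpm -qa` style output on stdin and matches the exact package name from the Fix rather than the substring `openssl-fips`, so a differently named package cannot satisfy the check. The function names and sample package lists are constructed for illustration, and the `-docs` package name is hypothetical.

```shell
#!/bin/sh
# Added example: evaluate PHTN-40-000013 from an `rpm -qa` style package list.
# Input lines have the form name-version-release.arch, one package per line.

REQUIRED_PKG="openssl-fips-provider"   # package name taken from the Fix text

# Print the first line whose package NAME equals REQUIRED_PKG; return 1 if none.
find_fips_provider() {
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        # Version and release never contain '-', so stripping the last two
        # '-'-separated fields leaves the package name.
        name=${pkg%-*-*}
        if [ "$name" = "$REQUIRED_PKG" ]; then
            printf '%s\n' "$pkg"
            return 0
        fi
    done
    return 1
}

# Report the result in STIG terms: return 0 = not a finding, 1 = finding.
audit_phtn_40_000013() {
    if match=$(find_fips_provider); then
        echo "PHTN-40-000013: not a finding ($match)"
        return 0
    fi
    echo "PHTN-40-000013: FINDING ($REQUIRED_PKG is not installed)"
    return 1
}

# Constructed sample: includes the example result shown in the Check.
SAMPLE_OK='openssl-3.0.3-1.ph4.x86_64
openssl-fips-provider-3.0.3-1.ph4.x86_64'

# Constructed sample: the -docs package name is hypothetical. A plain
# `grep openssl-fips` would print it even though the provider is absent.
SAMPLE_BAD='openssl-3.0.3-1.ph4.x86_64
openssl-fips-provider-docs-3.0.3-1.ph4.noarch'

printf '%s\n' "$SAMPLE_OK"  | audit_phtn_40_000013
printf '%s\n' "$SAMPLE_BAD" | audit_phtn_40_000013 || true

# On a Photon host, audit the live package list instead:
#   rpm -qa | audit_phtn_40_000013
```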