From 1b7bd47bd8fa3f828aca0bf0add7fc188893ef11 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Tue, 21 Sep 2021 07:44:29 -0500
Subject: [PATCH 1/2] Add STIG references for FIPS

---
 .../integrity/crypto/configure_bind_crypto_policy/rule.yml       | 1 +
 .../software/integrity/crypto/configure_crypto_policy/rule.yml   | 1 +
 .../integrity/crypto/configure_kerberos_crypto_policy/rule.yml   | 1 +
 .../integrity/crypto/configure_libreswan_crypto_policy/rule.yml  | 1 +
 .../software/integrity/fips/enable_dracut_fips_module/rule.yml   | 1 +
 5 files changed, 5 insertions(+)

diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
index 5484e11ad9f..e58c9506083 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
@@ -29,6 +29,7 @@ identifiers:
 references:
     nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
     nist: SC-13,SC-12(2),SC-12(3)
+    stigid@rhel8: RHEL-08-010020
     srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
 
 ocil_clause: |-
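Review bot: The new `stigid@rhel8` key is inserted ahead of `srg` in this hunk and in the configure_crypto_policy hunk, while the kerberos, libreswan and dracut hunks of the same patch place it after `srg`. The other keys visible in these `references:` blocks read alphabetically (`nerc-cip`, `nist`, `ospp`, `srg`, `vmmsrg`), so moving the added line below `srg` would keep all five rule files consistent. Here that means `srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190` followed by `stigid@rhel8: RHEL-08-010020`. In configure_crypto_policy the `references:` block starts above the hunk, so the keys outside the visible lines are not checked here.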
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
index d4ea4db6c14..5eea87ac006 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
@@ -65,6 +65,7 @@ references:
     nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1
     nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
+    stigid@rhel8: RHEL-08-010020
     srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
 
 ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
index b219c9d2801..e1f5e55e8cd 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
@@ -28,6 +28,7 @@ references:
     nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
     nist: SC-13,SC-12(2),SC-12(3)
     srg: SRG-OS-000120-GPOS-00061
+    stigid@rhel8: RHEL-08-010020
 
 ocil_clause: 'the symlink does not exist or points to a different target'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
index cd03ecf30d1..1fffb2ad2b7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
@@ -33,6 +33,7 @@ references:
     nist: CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
     ospp: FCS_IPSEC_EXT.1.4,FCS_IPSEC_EXT.1.6
     srg: SRG-OS-000033-GPOS-00014
+    stigid@rhel8: RHEL-08-010020
 
 ocil_clause: |-
     Libreswan is installed and <tt>/etc/ipsec.conf</tt> does not contain <tt>include /etc/crypto-policies/back-ends/libreswan.config</tt>
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
index 9486031be54..fe20c1958a6 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
@@ -30,6 +30,7 @@ references:
     nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
     nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
     srg: SRG-OS-000478-GPOS-00223
+    stigid@rhel8: RHEL-08-010020
     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
 
 ocil_clause: 'the Dracut FIPS module is not enabled'
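Review bot: `RHEL-08-010020` is attached here and in the four other hunks of this patch, so one STIG item now traces to five rules with different checks, and the commit message has no body explaining why. Anyone triaging a scan finding for that ID has to work out which of the five rules failed. A short commit body naming the STIG requirement and how each rule contributes to it would make the mapping auditable. The patch only touches `references:`, so whether these rules are selected by the RHEL 8 STIG profile is not visible here; presumably the reference alone does not add a rule to a profile, which is worth confirming. The rest of each rule file lies outside the hunks.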