AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
DISA Rule
SV-215216r517598_rule
Vulnerability Number
V-215216
Group Title
SRG-OS-000120-GPOS-00061
Rule Version
AIX7-00-001108
Severity
CAT II
CCI(s)
- CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
- CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
Weight
10
Fix Recommendation
Use the following command to uninstall the old version of OpenSSL that is not FIPS 140-2 certified, then install OpenSSL VRMF 20.13.102.1000:
# smitty install
Check Contents
Run the following command to determine the version of OpenSSL that is installed:
# lslpp -l | grep -i openssl
openssl.base 20.13.704.1776 COMMITTED Open Secure Socket Layer
If the OpenSSL version is older than "20.13.102.1000", this is a finding.
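The check above depends on comparing two four-part levels, and a plain string comparison can give the wrong answer (for example, "20.13.99.500" sorts after "20.13.102.1000" as text). The following added example, which is not part of the STIG, compares the levels field by field. The function names, the exit-status convention and the second sample line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the STIG): evaluate the check on `lslpp -l` output.
MIN_VRMF="20.13.102.1000"   # minimum level quoted in the check text

# vrmf_lt A B: status 0 if level A is older than level B. Fields are compared
# numerically, left to right; missing fields count as 0.
vrmf_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1    # equal levels are not "older"
}

# check_openssl: read `lslpp -l` output on stdin, print a verdict for each
# fileset whose name contains "openssl".
# Status: 0 = no finding, 1 = finding, 2 = no openssl fileset seen
# (treating "not installed" as a separate status is an assumption).
check_openssl() {
    rc=2
    while read -r fileset level state rest; do
        case $fileset in *[Oo][Pp][Ee][Nn][Ss][Ss][Ll]*) ;; *) continue ;; esac
        case $level in ''|*[!0-9.]*) continue ;; esac   # skip non-VRMF text
        if vrmf_lt "$level" "$MIN_VRMF"; then
            echo "FINDING $fileset $level ($state)"
            rc=1
        else
            echo "OK $fileset $level ($state)"
            if [ "$rc" -eq 2 ]; then rc=0; fi
        fi
    done
    return "$rc"
}

# Constructed sample input: first fileset line is the one shown on this page,
# the second is made up to exercise the failing case.
check_openssl <<'EOF' || echo "exit status $?"
  Fileset                      Level  State      Description
  openssl.base        20.13.704.1776  COMMITTED  Open Secure Socket Layer
  openssl.license       20.13.99.500  COMMITTED  constructed older level
EOF
```

On an AIX host the same function can be fed live data with `lslpp -l | check_openssl`.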
Documentable
False
Severity Override Guidance
Check Content Reference
M
Target Key
4012
Comments