STIGQter: STIG Summary: VMware Automation 7.x Application Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018

vRA must enable FIPS Mode.

DISA Rule

SV-99775r1_rule

Vulnerability Number

V-89125

Group Title

SRG-APP-000179-AS-000129

Rule Version

VRAU-AP-000265

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

FIPS mode in the vRealize Automation virtual appliance management interface can be enabled with the following steps:

1. Log on to the vRealize Automation virtual appliance management interface (vAMI): https://vrealize-automation-appliance-FQDN:5480
2. Select vRA Settings >> Host Settings.
3. Click the button under the "Actions" heading on the upper right to enable or disable FIPS.
4. Click "Yes" to restart the vRealize Automation appliance.

Alternately, FIPS mode can be enabled in the command line using the following steps:

1. Log on to the console as root.
2. Run the command: vcac-vami fips enable

Check Contents

Check that FIPS mode is enabled in the vRealize Automation virtual appliance management interface with the following steps:

1. Log on to the vRealize Automation virtual appliance management interface (vAMI): https://vrealize-automation-appliance-FQDN:5480
2. Select vRA Settings >> Host Settings.
3. Review the button under the Actions heading on the upper right to confirm that "enable FIPS" is selected.

If "enable FIPS" is not selected, this is a finding.

Alternately, check that FIPS mode is enabled in the command line using the following steps:

1. Log on to the console as root.
2. Run the command: vcac-vami fips status

If FIPS is not enabled, this is a finding.

Documentable

False

Severity Override Guidance

Check that FIPS mode is enabled in the vRealize Automation virtual appliance management interface with the following steps:

1. Log on to the vRealize Automation virtual appliance management interface (vAMI): https://vrealize-automation-appliance-FQDN:5480
2. Select vRA Settings >> Host Settings.
3. Review the button under the Actions heading on the upper right to confirm that "enable FIPS" is selected.

If "enable FIPS" is not selected, this is a finding.

Alternately, check that FIPS mode is enabled in the command line using the following steps:

1. Log on to the console as root.
2. Run the command: vcac-vami fips status

If FIPS is not enabled, this is a finding.

Check Content Reference

M

Target Key

3447
