Rule ID
SV-240806r879616_rule
Version
V2R3
CCIs
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised due to weak algorithms. FIPS 140-2 is the current standard for validating cryptographic modules and NSA Type-X (where X=1, 2, 3, 4) products are NSA-certified, hardware-based encryption modules. vRA relies upon the OpenSSL suite of encryption libraries. A special carefully defined software component called the OpenSSL FIPS Object Module has been created from the OpenSSL libraries to provide FIPS 140-2 validated encryption. This Module was designed for compatibility with OpenSSL so that products using the OpenSSL API can be converted to use validated cryptography with minimal effort.
At the command prompt, execute the following command: grep bio-ssl.cipher.list /opt/vmware/horizon/workspace/conf/catalina.properties If the value of "bio-ssl.cipher.list" does not match the list of FIPS 140-2 ciphers or is missing, this is a finding. Note: To view a list of FIPS 140-2 ciphers, at the command prompt execute the following command: openssl ciphers 'FIPS'
Navigate to and open /opt/vmware/horizon/workspace/conf/catalina.properties. Navigate to and locate "bio-ssl.cipher.list". Configure the "bio-ssl.cipher.list" with FIPS 140-2 compliant ciphers.