[ ] RHEL-06-000534 V-97229 fips=1 in the kernel cmdline
[ ] RHEL-06-000244 V-97231 FIPS compliant MACs in sshd_config
UPDATED
[x] RHEL-06-000078 thru RHEL-06-000099 sysctl --system to enforce sysctl params, sysctl.d files are fine, too (I didn't verify our fixes for these, but this change is just a clarification)
[x] RHEL-06-000067 V-38583 Removes check for UEFI grub.conf permissions (I didn't verify our fix, but this change is a relaxing of the previous rule, so any deficiency should be in an already-open ticket.)
[ ] RHEL-06-000223 V-38609 tftp okay if documented and approved by ISSO
[ ] RHEL-06-000243 V-38617 sshd_config: removes cbc-mode ciphers from the example list in favor of ctr ciphers, but check does not meaningfully change "fips approved" is the requirement:
NEW
fips=1
in the kernel cmdlineUPDATED
sysctl --system
to enforce sysctl params, sysctl.d files are fine, too (I didn't verify our fixes for these, but this change is just a clarification)https://vaulted.io/library/disa-stigs-srgs/red_hat_enterprise_linux_6_security_technical_implementation_guide?version=V1R23&compareto=V1R24