Merge pull request #14689 from Mab879/fix_14669

jan-cerny · web-flow · commit 835f16614684 · 2026-05-06T10:44:14.000+02:00
Add var_system_crypto_policy to RHEL9 STIG profiles
diff --git a/products/rhel9/controls/stig_rhel9.yml b/products/rhel9/controls/stig_rhel9.yml
@@ -592,6 +592,7 @@ controls:
           - configure_crypto_policy
           - fips_crypto_subpolicy
           - fips_custom_stig_sub_policy
+          - var_system_crypto_policy=fips_stig
       status: automated
 
     - id: RHEL-09-231010
diff --git a/tests/data/profile_stability/rhel9/stig.profile b/tests/data/profile_stability/rhel9/stig.profile
@@ -540,6 +540,7 @@ var_sshd_disable_compression=no
 var_sshd_set_keepalive=1
 var_sssd_certificate_verification_digest_function=sha512
 var_sudo_timestamp_timeout=always_prompt
+var_system_crypto_policy=fips_stig
 var_time_service_set_maxpoll=18_hours
 var_user_initialization_files_regex=all_dotfiles
 wireless_disable_interfaces
diff --git a/tests/data/profile_stability/rhel9/stig_gui.profile b/tests/data/profile_stability/rhel9/stig_gui.profile
@@ -538,6 +538,7 @@ var_sshd_disable_compression=no
 var_sshd_set_keepalive=1
 var_sssd_certificate_verification_digest_function=sha512
 var_sudo_timestamp_timeout=always_prompt
+var_system_crypto_policy=fips_stig
 var_time_service_set_maxpoll=18_hours
 var_user_initialization_files_regex=all_dotfiles
 wireless_disable_interfaces
