CME-402

FIPS 140-3 Mode

Harden OS/Kernel High Confidence

Description

Enables FIPS-validated cryptographic modules system-wide. Only NIST-approved algorithms are available for all cryptographic operations. Non-compliant operations fail rather than fall back.

CVSS Vector Impacts

Metric	Transition	Rationale
Attack Complexity (AC)	L → H	All crypto operations use validated, audited implementations

CWE Relationships

CWE-327 CWE-326 CWE-328

Verification

Verify FIPS mode is enabled

$ fips-mode-setup --check
# Expected: FIPS mode is enabled

Platform: rhel

$ cat /proc/sys/crypto/fips_enabled
# Expected: 1

Platform: linux

FIPS 140-3 Mode

Description

CVSS Vector Impacts

CWE Relationships

Verification

References