remov enable_fips_mode rule entirely

vojtapolasek · vojtapolasek · commit 0a036fab2024 · 2026-02-13T10:26:31.000+01:00
Per the STIG prose, the requirement does not exist there anymore. Or more exactly, it is covered by implementing proper FIPS crypto policy.
diff --git a/products/rhel8/controls/stig_rhel8.yml b/products/rhel8/controls/stig_rhel8.yml
@@ -70,8 +70,6 @@ controls:
           - var_authselect_profile=sssd
           - var_multiple_time_servers=stig
           - var_time_service_set_maxpoll=18_hours
-            # Enable / Configure FIPS
-          - enable_fips_mode
             # Other needed rules
           - enable_authselect
 
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
@@ -170,7 +170,6 @@ disable_users_coredumps
 disallow_bypass_password_sudo
 display_login_attempts
 enable_authselect
-enable_fips_mode
 enable_gpgcheck_for_all_repositories
 encrypt_partitions
 ensure_epel_repos_disabled
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -170,7 +170,6 @@ disable_users_coredumps
 disallow_bypass_password_sudo
 display_login_attempts
 enable_authselect
-enable_fips_mode
 enable_gpgcheck_for_all_repositories
 encrypt_partitions
 ensure_epel_repos_disabled
