if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then
while true; do
@@ -45,7 +45,7 @@ rationale: |-
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.
-
+
severity: medium
ocil_clause: 'it does not display the required banner'
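Review bot: the only change in this hunk is the -/+ pair on the blank line before `severity:`, a whitespace-only edit that cannot be checked by eye. Confirm it strips trailing whitespace rather than introducing it, or drop it from this patch. If the aim of the series is organization-neutral wording, the unchanged rationale just above still reads "applicable federal laws, Executive Orders" and may need the same treatment.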
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml
index 9cce04ec9ae5..35e3d0b04ef1 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml
@@ -8,33 +8,6 @@ description: |-
Replace the default text with a message compliant with the local site
policy or a legal disclaimer.
- The DoD required text is either:
-
- You are accessing a U.S. Government (USG) Information System (IS) that
- is provided for USG-authorized use only. By using this IS (which includes
- any device attached to this IS), you consent to the following conditions:
-
-The USG routinely intercepts and monitors communications on this IS
- for purposes including, but not limited to, penetration testing, COMSEC
- monitoring, network operations and defense, personnel misconduct (PM), law
- enforcement (LE), and counterintelligence (CI) investigations.
-
-At any time, the USG may inspect and seize data stored on this IS.
-
-Communications using, or data stored on, this IS are not private,
- are subject to routine monitoring, interception, and search, and may be
- disclosed or used for any USG-authorized purpose.
-
-This IS includes security measures (e.g., authentication and access
- controls) to protect USG interests -- not for your personal benefit or
- privacy.
-
-Notwithstanding the above, using this IS does not constitute consent
- to PM, LE or CI investigative searching or monitoring of the content of
- privileged communications, or work product, related to personal
- representation or services by attorneys, psychotherapists, or clergy, and
- their assistants. Such communications and work product are private and
- confidential. See User Agreement for details.
-
- OR:
-
- I've read & consent to terms in IS user agreem't.
-
rationale: |-
Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
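Review bot: once the example text after "policy or a legal disclaimer." is removed, the description no longer tells the reader what the expected banner is or where it is defined, so a check for "the required banner" has nothing to be compared against from this rule alone. Add one sentence to the description pointing to where the required banner text is configured, so the rule stays auditable without the inline DoD wording.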
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
index 849d62a869ed..b08dcdac4b40 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
@@ -1,7 +1,7 @@
documentation_complete: true
-title: 'Configure GnuTLS library to use DoD-approved TLS Encryption'
+title: 'Configure GnuTLS library to use Approved TLS Encryption'
description: |-
Crypto Policies provide a centralized control over crypto algorithms usage of many packages.
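Review bot: in the new title, "Approved" is capitalized as if it were a defined term, but nothing in the rule now says who approves the encryption. Either lowercase it ("use approved TLS encryption") or name the authority, for example "organization-approved", so the title still states a checkable requirement.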
@@ -33,17 +33,17 @@ references:
ocil_clause: 'cryptographic policy for gnutls is not configured or is configured incorrectly'
ocil: |-
- To verify if GnuTLS uses defined DoD-approved TLS Crypto Policy, run:
+ To verify if GnuTLS uses the defined approved TLS Crypto Policy, run:
$ sudo grep
'+VERS-ALL:-VERS-DTLS0.9:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0:-VERS-DTLS1.0'
/etc/crypto-policies/back-ends/gnutls.config and verify that a match exists.
fixtext: |-
- Configure the {{{ full_name }}} GnuTLS library to use only DoD-approved encryption by adding the following line to "/etc/crypto-policies/back-ends/gnutls.config":
+ Configure the {{{ full_name }}} GnuTLS library to use only approved encryption by adding the following line to "/etc/crypto-policies/back-ends/gnutls.config":
+VERS-ALL:-VERS-DTLS0.9:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0:-VERS-DTLS1.0
A reboot is required for the changes to take effect.
srg_requirement:
- {{{ full_name }}} must implement DoD-approved TLS encryption in the GnuTLS package.
+ {{{ full_name }}} must implement approved TLS encryption in the GnuTLS package.
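Review bot: the new ocil sentence "uses the defined approved TLS Crypto Policy" reads awkwardly, and in all three changed lines "approved" has lost its referent now that "DoD-" is gone. Use one consistent qualifier across ocil, fixtext and srg_requirement (the ensure_gpgcheck_repo_metadata change in this patch uses "organization-specific"), or tie the wording to the policy string itself, for example "uses the TLS versions defined by the crypto policy". Since the ocil text is being edited anyway, note that the grep command is still wrapped over three lines with no continuation, so it cannot be copied and run as written.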
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
index 38d109e4f6d3..481041d37628 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
@@ -23,8 +23,8 @@ rationale: |-
a vendor. This ensures the software has not been tampered with and that it
has been provided by a trusted vendor. Self-signed certificates are
disallowed by this requirement. The operating system should not have
- to verify the software again. NOTE: For U.S. Military systems, this
- requirement does not mandate DoD certificates for this purpose; however,
+ to verify the software again. NOTE: For regulated systems, this requirement
+ does not mandate organization-specific certificates for this purpose; however,
the certificate used to verify the software must be from an approved
Certificate Authority.
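Review bot: "For regulated systems" in the reworded NOTE is vaguer than the text it replaces and does not say which systems the note applies to, while the closing "approved Certificate Authority" still does not say who approves it. State the approver explicitly, for example "a Certificate Authority approved by the organization", so the note matches the "organization-specific certificates" wording introduced on the line before.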