DISA STIGS Viewer

Finding ID	Version	Rule ID	IA Controls	Severity
V-268144	ANIX-00-001010	SV-268144r1039320_rule		High

Description

Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information. Satisfies: SRG-OS-000185-GPOS-00079, SRG-OS-000404-GPOS-00183, SRG-OS-000405-GPOS-00184, SRG-OS-000780-GPOS-00240

STIG	Date
Anduril NixOS Security Technical Implementation Guide	2024-10-25

Check Text (C-72068r1039318_chk)

Verify NixOS prevents unauthorized disclosure or modification of all information requiring at-rest protection by using disk encryption. Verify all system partitions are encrypted with the following command: $ sudo blkid /dev/sda1: LABEL="nixos" UUID="67b7d7fe-de60-6fd0-befb-e6748cf97743" TYPE="crypto_LUKS" Every persistent disk partition present must be of type "crypto_LUKS". If any partitions other than the boot partition or pseudo file systems (such as /proc or /sys) are not type "crypto_LUKS", ask the administrator to indicate how the partitions are encrypted. If there is no evidence that these partitions are encrypted, this is a finding.

Fix Text (F-71971r1039319_fix)

Configure NixOS to prevent unauthorized modification of all information at rest by using disk encryption. Encrypting a partition in an already installed system is more difficult, because existing partitions will need to be resized and changed. To encrypt an entire partition, dedicate a partition for encryption in the partition layout. Refer to the NixOS manual Section 8.1 "LUKS-Encrypted File Systems" for further details. NixOS Wiki: https://nixos.wiki/wiki/Full_Disk_Encryption