From 7e962093d5bfbc32de1d41da5ee3ad9f5dbd3c5b Mon Sep 17 00:00:00 2001
From: Armando Acosta
Date: Wed, 10 Jun 2026 14:08:37 -0600
Subject: [PATCH] Update OL09-00-000242 STIG ID status as pending

Signed-off-by: Armando Acosta
---
 controls/stig_ol9.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/controls/stig_ol9.yml b/controls/stig_ol9.yml
index 7f7303b0949..74da77642a6 100644
--- a/controls/stig_ol9.yml
+++ b/controls/stig_ol9.yml
@@ -3800,10 +3800,14 @@ controls:
 levels:
 - high
 title: OL 9 crypto policy must not be overridden.
- rules:
- - fips_crypto_policy_symlinks
- - fips_crypto_policy_symlinks.severity=high
- status: automated
+ notes: Rules for this control are intentionally not implemented. Checking whether files under /etc/crypto-policies/back-ends/
+ are symlinks is not an appropriate way to verify the consistency of the system's cryptographic settings.
+ The suggested fix mentioned in the STIG does not fully satisfy its own requirements, as it also symlinks the nss.config file.
+ Furthermore, running sudo 'update-crypto-policies --set FIPS' is not a reliable way to ensure FIPS compliance. Customers should
+ refer to the official Oracle Linux Documentation and use the 'fips=1' kernel option during system installation to ensure the system is
+ in FIPS mode.
+ More information https://docs.oracle.com/en/operating-systems/oracle-linux/9/security/configuring_fips_mode.html
+ status: pending
 
 - id: OL09-00-000241
 levels:
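Review bot: With `rules:` removed and `status: pending` set, this high-level control is left with no check at all, yet the added `notes:` text calls the omission intentional, which `pending` does not convey to someone reading the profile's coverage. If the project's control schema has a status for a control that is verified by hand, it would match the note better; either way the note should state what an assessor is expected to confirm instead, for example that the system was installed with `fips=1` and reports FIPS mode as enabled. The `notes:` value is also a multi-line plain scalar containing quotes and a URL, so writing it as `notes: |-` followed by the indented text would keep a later edit that introduces `: ` or ` #` from breaking the parse. The control entry begins above the hunk, so its id (OL09-00-000242) is taken from the commit subject rather than from the visible lines.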