Update OL09-00-000242 STIG ID status as pending

controls/stig_ol9.yml

@@ -23,7 +23,7 @@
     - id: OL09-00-000001
       levels:
           - medium
       title: The OL 9 operating system must implement cryptographic mechanisms to prevent unauthorized
           modification of all information at rest.
       rules:
           - encrypt_partitions
@@ -40,7 +40,7 @@
     - id: OL09-00-000015
       levels:
           - medium
       title: OL 9 vendor packaged system security patches and updates must be installed and up to date.
       rules:
           - security_patches_up_to_date
       status: automated
@@ -48,7 +48,7 @@
     - id: OL09-00-000090
       levels:
           - medium
       title: OL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local
           or remote access to the system via a command line user logon.
       rules:
           - banner_etc_issue
@@ -69,7 +69,7 @@
           - low
       title: OL 9 must enable the hardware random number generator entropy gatherer service.
       related_rules:
           - service_rngd_enabled  # This rule is causing test failures, See https://github.com/ComplianceAsCode/content/pull/10153
       status: pending
 
     - id: OL09-00-002400
@@ -123,7 +123,7 @@
     - id: OL09-00-000050
       levels:
           - high
       title: OL 9 must require a unique superusers name upon booting into single-user and maintenance
           modes.
       rules:
           - grub2_admin_username
@@ -220,7 +220,7 @@
     - id: OL09-00-002401
       levels:
           - medium
       title: OL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.
       rules:
           - sysctl_fs_protected_hardlinks
       status: automated
@@ -228,7 +228,7 @@
     - id: OL09-00-002402
       levels:
           - medium
       title: OL 9 must enable kernel parameters to enforce discretionary access control on symlinks.
       rules:
           - sysctl_fs_protected_symlinks
       status: automated
@@ -284,7 +284,7 @@
     - id: OL09-00-002423
       levels:
           - medium
       title: OL 9 must implement address space layout randomization (ASLR) to protect its memory from
           unauthorized code execution.
       rules:
           - sysctl_kernel_randomize_va_space
@@ -365,7 +365,7 @@
     - id: OL09-00-000497
       levels:
           - high
       title: OL 9 must check the GPG signature of software packages originating from external software
           repositories before installation.
       rules:
           - ensure_gpgcheck_globally_activated
@@ -374,7 +374,7 @@
     - id: OL09-00-000496
       levels:
           - high
       title: OL 9 must check the GPG signature of locally installed software packages before installation.
       rules:
           - ensure_gpgcheck_local_packages
       status: automated
@@ -3800,10 +3800,14 @@
       levels:
           - high
       title: OL 9 crypto policy must not be overridden.
-      rules:
-          - fips_crypto_policy_symlinks
-          - fips_crypto_policy_symlinks.severity=high
-      status: automated
+      notes: Rules for this control are intentionally not implemented. Checking whether files under /etc/crypto-policies/back-ends/
+        are symlinks is not an appropriate way to verify the consistency of the system's cryptographic settings.
+        The suggested fix mentioned in the STIG does not fully satisfy its own requirements, as it also symlinks the nss.config file.
+        Furthermore, running sudo 'update-crypto-policies --set FIPS' is not a reliable way to ensure FIPS compliance. Customers should
+        refer to the official Oracle Linux Documentation and use the 'fips=1' kernel option during system installation to ensure the system is
+        in FIPS mode.
+        More information https://docs.oracle.com/en/operating-systems/oracle-linux/9/security/configuring_fips_mode.html
+      status: pending
 
     - id: OL09-00-000241
       levels: