{"description": "To ensure the system can cryptographically verify base software\npackages come from Fedora (and to connect to the Fedora Network to\nreceive them), the Fedora GPG key must properly be installed.\nTo install the Fedora GPG key, run one of the commands below, depending on your Fedora version:\n$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora--primary
\"\n$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora--primary
\"", "rationale": "Changes to software components can have significant effects on the\noverall security of the operating system. This requirement ensures\nthe software has not been tampered with and that it has been provided\nby a trusted vendor. The Fedora GPG key is necessary to\ncryptographically verify packages are from Fedora.\"", "severity": "high", "references": {"cis-csc": ["11", "2", "3", "9"], "cjis": ["5.10.4.1"], "cobit5": ["APO01.06", "BAI03.05", "BAI06.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS06.02"], "cui": ["3.4.8"], "hipaa": ["164.308(a)(1)(ii)(D)", "164.312(b)", "164.312(c)(1)", "164.312(c)(2)", "164.312(e)(2)(i)"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3", "4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8", "SR 7.6"], "iso27001-2013": ["A.11.2.4", "A.12.1.2", "A.12.2.1", "A.12.5.1", "A.12.6.2", "A.14.1.2", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4"], "nist": ["CM-5(3)", "SI-7", "SC-12", "SC-12(3)", "CM-6(a)"], "nist-csf": ["PR.DS-6", "PR.DS-8", "PR.IP-1"], "pcidss": ["Req-6.2"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the Fedora GPG Key is not installed", "ocil": "To ensure that the GPG key is installed, run:\n$ rpm -q --queryformat \"%{SUMMARY}\\n\" gpg-pubkey\nThe command should return one of the strings below:\ngpg(Fedora () <fedora-@fedoraproject.org>)
\ngpg(Fedora () <fedora-@fedoraproject.org>)
\ngpg(Fedora () <fedora-@fedoraproject.org>)
\ngpg(Fedora () <fedora-@fedoraproject.org>)
", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure Fedora GPG Key Installed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/updating/ensure_fedora_gpgkey_installed/rule.yml", "template": null}