If SSHD is enabled then it _MUST_ be configured to limit the Message Authentication Codes (MACs) to algorithms that are FIPS 140 validated. FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements. Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to cryptographic modules. NOTE: /etc/ssh/sshd_config will be automatically modified to its original state following any update or major upgrade to the operating system. Fix: /usr/bin/grep -q '^MACs' /etc/ssh/sshd_config && /usr/bin/sed -i.bak 's/.*MACs.*/MACs hmac-sha2-256,hmac-sha2-512/' /etc/ssh/sshd_config; /bin/launchctl kickstart -k system/com.openssh.sshd

[hmac-sha2-256,hmac-sha2-512]

/usr/bin/grep -q '^MACs' /etc/ssh/sshd_config && /usr/bin/sed -i.bak 's/.*MACs.*/MACs hmac-sha2-256,hmac-sha2-512/' /etc/ssh/sshd_config; /bin/launchctl kickstart -k system/com.openssh.sshd