For secure sites, Tomcat servers are required to have FIPS mode enabled
Tomcat must use FIPS-validated ciphers on secured connectors. (stigviewer.com)
Finding ID | Version | Rule ID | IA Controls | Severity
---|---|---|---|---
V-222968 | TCAT-AS-000750 | SV-222968r615938_rule | | High
Release : 20.2
Component : Spectrum OneClick
The tomcat STIG cases will be evaluated for feasibility in the Q4CY21 NetOps release.
In the meantime, the manual steps below enable FIPS mode on Tomcat. This requires the tomcat-native package to be installed and a server.xml configuration change.
1) Install the tomcat-native package
The tomcat-native OS package must be installed. Verify with:
yum list tomcat-native
Last metadata expiration check: 20:06:57 ago on Tue 13 Jul 2021 08:00:40 PM UTC.
Installed Packages
tomcat-native.x86_64 1.2.23-1.el8 @epel
2) Add the AprLifecycleListener to server.xml with FIPS mode on
Example:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" FIPSMode="on"></Listener>
3) Restart OneClick Tomcat
cd $SPECROOT/tomcat/bin
./stopTomcat.sh
./startTomcat.sh
The Tomcat catalina.out log will show whether FIPS mode is enabled:
13-Jul-2021 17:48:28.412 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.23] using APR version [1.6.3].
13-Jul-2021 17:48:28.412 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
13-Jul-2021 17:48:28.412 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
13-Jul-2021 17:48:28.414 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
13-Jul-2021 17:48:28.427 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Successfully entered FIPS mode
13-Jul-2021 17:48:28.427 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1g FIPS 21 Apr 2020]
13-Jul-2021 17:48:28.647 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
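As an added compliance check (example code, not part of the original article or the Spectrum product), the following Python script parses a server.xml for the listener settings above and confirms from catalina.out that FIPS mode was actually entered. The sample server.xml and log excerpt are constructed from the fragments shown on this page; the accepted FIPSMode values (on, enter, require) are the FIPS-enabling values documented for Tomcat's APR listener.

```python
import re
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# FIPSMode values that make the listener enter (or require) FIPS mode; "off" is Tomcat's default.
FIPS_ENABLING_MODES = {"on", "enter", "require"}

# Constructed server.xml fragment for the demonstration (not a real OneClick file).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" FIPSMode="on"/>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"/>
  </Service>
</Server>
"""

# Constructed catalina.out excerpt with the lines a successful FIPS start emits.
SAMPLE_CATALINA_OUT = """\
13-Jul-2021 17:48:28.414 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
13-Jul-2021 17:48:28.427 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Successfully entered FIPS mode
13-Jul-2021 17:48:28.427 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1g FIPS 21 Apr 2020]
"""


def listener_findings(server_xml):
    """Return a list of problems with the AprLifecycleListener; an empty list means compliant."""
    root = ET.fromstring(server_xml)
    listeners = [e for e in root.iter("Listener") if e.get("className") == APR_LISTENER]
    if not listeners:
        return ["no AprLifecycleListener declared in server.xml"]
    findings = []
    for lst in listeners:
        # SSLEngine defaults to "on"; FIPS mode cannot be entered when it is "off".
        if lst.get("SSLEngine", "on").lower() != "on":
            findings.append('SSLEngine must be "on" for the listener to initialize OpenSSL')
        mode = lst.get("FIPSMode", "off")
        if mode.lower() not in FIPS_ENABLING_MODES:
            findings.append('FIPSMode is "%s"; expected "on"' % mode)
    return findings


def fips_status(catalina_out):
    """Return (entered_fips, openssl_version) parsed from a catalina.out excerpt."""
    entered = "Successfully entered FIPS mode" in catalina_out
    match = re.search(r"OpenSSL successfully initialized \[([^\]]+)\]", catalina_out)
    return entered, (match.group(1) if match else None)


if __name__ == "__main__":
    print(listener_findings(SAMPLE_SERVER_XML) or "server.xml: AprLifecycleListener OK")
    print(fips_status(SAMPLE_CATALINA_OUT))
```

Run it against $SPECROOT/tomcat/conf/server.xml and the current catalina.out after the restart in step 3; a non-empty findings list or a False status means the connector is not yet in FIPS mode.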
Note: The tomcat-native package is not available as a pre-built package on Windows. One would need to manually build this package in order to enable FIPS mode on Windows.