@aaron This is an industry standard for computer systems that process or store data related to any Government business in the US. It is a rather large set of requirements and guidelines that are supposed to bring together best practices from cyber-security experts with an aim to secure systems.
Two specific guidelines are that only approved cryptographic algorithms are permitted and two-factor authentication is required.
Red Hat Enterprise Linux (and other derivatives) enforces the cryptographic part by providing a kernel argument ‘fips=1’. That flag disables all non-approved cryptographic algorithms such as MD5 or SHA1 and requires that newer, more secure versions be used. This is a flag that is supposed to be enabled when you install the operating system and left enabled. Technically it will cause all libraries that use non-approved algorithms to return error codes.
As far as two-factor goes, I have set up my machine to use the Red Hat Identity Server, which is based off of FreeIPA. Unfortunately I have not found a way for that to work with ThinLinc either. I believe FreeIPA integrates with PAM / SSSD and requires ‘AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam’. However, this does not work with ThinLinc.
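
A way to confirm the ‘fips=1’ behaviour described above on a given host, as an added example that is not part of the original post. It compares the boot argument, the kernel's live flag, and whether the crypto library actually refuses MD5. The verdict labels and function names are made up for this sketch, and it assumes a Python build linked against the system's FIPS-enforcing crypto library.

```python
# Added example (not from the original post): audit whether FIPS mode is really in force.
# Assumption: the Python build is linked against the system's FIPS-enforcing crypto library.
import hashlib
from pathlib import Path

CMDLINE = "/proc/cmdline"                      # kernel arguments used at boot
FIPS_FLAG = "/proc/sys/crypto/fips_enabled"    # live kernel state: "1" or "0"


def cmdline_requests_fips(cmdline: str) -> bool:
    """True only for the exact argument fips=1 (not fips=0 or xfips=1)."""
    return "fips=1" in cmdline.split()


def kernel_fips_enabled(flag_text: str) -> bool:
    """Interpret the contents of fips_enabled; a missing file reads as off."""
    return flag_text.strip() == "1"


def md5_blocked() -> bool:
    """Probe userspace: a FIPS-enforcing library refuses MD5 with ValueError."""
    try:
        hashlib.md5(b"probe")
    except ValueError:
        return True
    return False


def assess(cmdline: str, flag_text: str, md5_is_blocked: bool) -> str:
    """Combine the three signals into one verdict (labels are hypothetical)."""
    if kernel_fips_enabled(flag_text):
        return "enforced" if md5_is_blocked else "kernel-only"
    if cmdline_requests_fips(cmdline):
        return "requested-not-active"
    return "off"


def read_or_empty(path: str) -> str:
    """Read a proc file, returning an empty string if it does not exist."""
    try:
        return Path(path).read_text()
    except OSError:
        return ""


if __name__ == "__main__":
    verdict = assess(read_or_empty(CMDLINE), read_or_empty(FIPS_FLAG), md5_blocked())
    print(f"FIPS status: {verdict}")
```

A "kernel-only" or "requested-not-active" verdict means the argument alone did not produce the enforcement the requirement expects, which is worth checking before debugging an application that fails under FIPS.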