RHEL-09-611160 - RHEL 9 must use the common access card (CAC) smart card driver.

Information

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards.

Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

Solution

Configure RHEL 9 to load the CAC driver.

Add or modify the following line in the '/etc/opensc.conf' file:

card_drivers = cac;

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, 800-53|IA-2(1), 800-53|IA-2(2), 800-53|IA-2(8), CAT|II, CCI|CCI-000764, CCI|CCI-000765, CCI|CCI-000766, CCI|CCI-001941, CCI|CCI-004045, Rule-ID|SV-258121r997105_rule, STIG-ID|RHEL-09-611160, Vuln-ID|V-258121

Plugin: Unix

Control ID: 2238c22aba63254056568f93241a469e313ba8b7760a6ca20b6cf13ac82b1e47