Check: AZLX-23-001125
Amazon Linux 2023 STIG:
AZLX-23-001125
(in version v1 r1)
Title
Amazon Linux 2023 must have the opensc package installed. (Cat II impact)
Discussion
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. The DOD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems. Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161
Check Content
Verify Amazon Linux 2023 has the opensc package installed with the following command: $ sudo dnf list --installed opensc Installed Packages opensc.x86_64 0.24.0-1.amzn2023.0.4 @amazonlinux If the "opensc" package is not installed, this is a finding.
Fix Text
Configure Amazon Linux 2023 to have the opensc package installed with the following command: $ sudo dnf install -y opensc
Additional Identifiers
Rule ID: SV-274036r1120096_rule
Vulnerability ID: V-274036
Group Title: SRG-OS-000375-GPOS-00160
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001953 |
Accept Personal Identity Verification-compliant credentials. |
| CCI-004046 |
Implement multi-factor authentication for local; network; and/or remote access to privileged accounts; and/or non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |