Title

The AIX operating system must use Multi Factor Authentication. (Cat II impact)

Discussion

To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160

Check Content

Verify that all required packages are installed: # lslpp -l |grep -i powerscmfa powerscMFA.license 1.2.0.1 COMMITTED PowerSC MFA license files powerscMFA.pam.base 1.2.0.1 COMMITTED PowerSC MFA standard inband powerscMFA.pam.fallback 1.2.0.1 COMMITTED PowerSC MFA Password fallback powerscMFA.pam.pmfamapper 1.2.0.1 COMMITTED USB Smartcard Interface to powerscMFA.pam.usbsmartcard If any of the above packages are not installed, this is a finding.

Fix Text

Install the IBM PowerSC MFA product.

Additional Identifiers

Rule ID: SV-215436r853492_rule

Vulnerability ID: V-215436

Group Title: SRG-OS-000105-GPOS-00052

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.