Title

The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials. (Cat II impact)

Discussion

The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems. Satisfies: SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162

Check Content

Verify that the " bos.ahafs" package is installed: # lslpp -l |grep bos.ahafs bos.ahafs 7.1.5.15 COMMITTED Aha File System If the "bos.ahafs" package is not installed, this is a finding. Verify "pmfahotplugd" service is running: # lssrc -s pmfahotplugd If the " pmfahotplugd" service is not running, this is a finding.

Fix Text

Install "bos.ahafs" fileset from the PowerSC MFA DVD using the following command (assuming that the DVD device is mounted to /dev/cd0): # installp -aXYgd /dev/cd0 -e /tmp/install.log bos.ahafs Start the "pmfahotplugd" service: # startsrc-s pmfahotplugd

Additional Identifiers

Rule ID: SV-215441r853493_rule

Vulnerability ID: V-215441

Group Title: SRG-OS-000376-GPOS-00161

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.