Check: AIX7-00-003205
IBM AIX 7.x STIG:
AIX7-00-003205
(in versions v3 r1 through v1 r1)
Title
The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials. (Cat II impact)
Discussion
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems. Satisfies: SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162
Check Content
Verify that the " bos.ahafs" package is installed: # lslpp -l |grep bos.ahafs bos.ahafs 7.1.5.15 COMMITTED Aha File System If the "bos.ahafs" package is not installed, this is a finding. Verify "pmfahotplugd" service is running: # lssrc -s pmfahotplugd If the " pmfahotplugd" service is not running, this is a finding.
Fix Text
Install "bos.ahafs" fileset from the PowerSC MFA DVD using the following command (assuming that the DVD device is mounted to /dev/cd0): # installp -aXYgd /dev/cd0 -e /tmp/install.log bos.ahafs Start the "pmfahotplugd" service: # startsrc-s pmfahotplugd
Additional Identifiers
Rule ID: SV-215441r958816_rule
Vulnerability ID: V-215441
Group Title: SRG-OS-000376-GPOS-00161
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001953 |
Accept Personal Identity Verification-compliant credentials. |
CCI-001954 |
Electronically verify Personal Identity Verification-compliant credentials. |
Controls
Number | Title |
---|---|
IA-2(12) |
Acceptance of PIV Credentials |