Navigate

Check: RHEL-09-611180

RHEL 9 STIG: RHEL-09-611180 (in versions v1 r3 through v1 r1)

Title

The pcscd service on RHEL 9 must be active. (Cat II impact)

Discussion

The information system ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device. The daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a resource manager that coordinates communications with smart card readers and smart cards and cryptographic tokens that are connected to the system.

Check Content

Verify that the "pcscd" service is active with the following command: $ systemctl is-active pcscd active If the pcscdservice is not active, this is a finding.

Fix Text

To enable the pcscd service run the following command: $ sudo systemctl enable --now pcscd

Additional Identifiers

Rule ID: SV-258125r926362_rule

Vulnerability ID: V-258125

Group Title: SRG-OS-000375-GPOS-00160

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001948	The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-2 (11)	Remote Access - Separate Device