Check: RHEL-09-611180
RHEL 9 STIG: RHEL-09-611180 (in versions v2 r4 through v2 r3)
Title
The pcscd service on RHEL 9 must be active. (Cat II impact)
Discussion
The information system ensures that, even if it is compromised, the compromise will not affect credentials stored on the authentication device. The daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a resource manager that coordinates communications with the smart card readers, smart cards, and cryptographic tokens that are connected to the system.
Check Content
Verify that the "pcscd" socket is active with the following command:
$ systemctl is-active pcscd.socket
active
If the pcscd socket is not active, this is a finding.
Fix Text
To enable the pcscd socket, run the following command:
$ sudo systemctl enable --now pcscd.socket
Additional Identifiers
Rule ID: SV-258125r1045253_rule
Vulnerability ID: V-258125
Group Title: SRG-OS-000375-GPOS-00160
CCIs
Number | Definition |
---|---|
CCI-001948 | The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |
CCI-004046 | Implement multi-factor authentication for local; network; and/or remote access to privileged accounts; and/or non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |
Controls
Number | Title |
---|---|
IA-2(11) | Remote Access - Separate Device |