Check: RHEL-09-611185
RHEL 9 STIG:
RHEL-09-611185
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must have the opensc package installed. (Cat II impact)
Discussion
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. The DOD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems. Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161
Check Content
Verify that RHEL 9 has the opensc package installed with the following command: $ sudo dnf list --installed opensc Example output: opensc.x86_64 0.22.0-2.el9 If the "opensc" package is not installed, this is a finding.
Fix Text
The opensc package can be installed with the following command: $ sudo dnf install opensc
Additional Identifiers
Rule ID: SV-258126r926365_rule
Vulnerability ID: V-258126
Group Title: SRG-OS-000375-GPOS-00160
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001948 |
The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |
| CCI-001953 |
The information system accepts Personal Identity Verification (PIV) credentials. |