Check: RHEL-09-215075
RHEL 9 STIG:
RHEL-09-215075
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must have the openssl-pkcs11 package installed. (Cat II impact)
Discussion
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD CAC with DOD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162
Check Content
Verify that RHEL 9 has the openssl-pkcs11 package installed with the following command: $ sudo dnf list --installed openssl-pkcs11 Example output: openssl-pkcs.i686 0.4.11-7.el9 openssl-pkcs.x86_64 0.4.11-7.el9 If the "openssl-pkcs11" package is not installed, this is a finding.
Fix Text
The openssl-pkcs11 package can be installed with the following command: $ sudo dnf install openssl-pkcs11
Additional Identifiers
Rule ID: SV-257838r925501_rule
Vulnerability ID: V-257838
Group Title: SRG-OS-000105-GPOS-00052
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000765 |
The information system implements multifactor authentication for network access to privileged accounts. |
| CCI-001948 |
The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |
| CCI-001953 |
The information system accepts Personal Identity Verification (PIV) credentials. |
| CCI-001954 |
The information system electronically verifies Personal Identity Verification (PIV) credentials. |