Title

RHEL 9 must have the openssl-pkcs11 package installed. (Cat II impact)

Discussion

Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD common access card (CAC) with DOD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162

Check Content

Note: If the system administrator demonstrates the use of an approved alternate multifactor authentication method, this requirement is Not Applicable. Verify that RHEL 9 has the openssl-pkcs11 package installed with the following command: $ dnf list --installed openssl-pkcs11 Example output: openssl-pkcs.i686 0.4.11-7.el9 openssl-pkcs.x86_64 0.4.11-7.el9 If the "openssl-pkcs11" package is not installed, this is a finding.

Fix Text

The openssl-pkcs11 package can be installed with the following command: $ sudo dnf install openssl-pkcs11

Additional Identifiers

Rule ID: SV-257838r1044912_rule

Vulnerability ID: V-257838

Group Title: SRG-OS-000105-GPOS-00052

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.