RHEL 9 must use the common access card (CAC) smart card driver.

An XCCDF Rule

Description

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

ID: SV-258121r1045243_rule
Version: RHEL-09-611160
Severity: Medium
References: CCI-000764 CCI-000765 CCI-000766 CCI-000767 CCI-000768 CCI-000770 CCI-001941 CCI-001942 CCI-004045
Updated: about 2 months ago

Remediation Templates

Configure RHEL 9 to load the CAC driver.

$ sudo opensc-tool --set-conf-entry app:default:card_driver:cac

Restart the pcscd service to apply the changes:

$ sudo systemctl restart pcscd

RHEL 9 must use the common access card (CAC) smart card driver.

Description

Remediation Templates

A Manual Procedure