RHEL 9 must use the CAC smart card driver.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258121	RHEL-09-611160	SV-258121r926350_rule		Medium

Description
Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

Description

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

STIG	Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide	2023-12-01

Details

Check Text ( C-61862r926348_chk )
Verify that RHEL loads the CAC driver with the following command: $ grep card_drivers /etc/opensc.conf card_drivers = cac; If "cac" is not listed as a card driver, or there is no line returned for "card_drivers", this is a finding.

Fix Text (F-61786r926349_fix)
Configure RHEL 9 to load the CAC driver. Add or modify the following line in the "/etc/opensc.conf" file: card_drivers = cac;