STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Red Hat Enterprise Linux 10 Security Technical Implementation Guide

V-280976

CAT II (Medium)

RHEL 10 must use the common access card (CAC) smart card driver.

Rule ID

SV-280976r1165283_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000764CCI-000766CCI-000765CCI-004045

Discussion

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver helps to prevent the use of unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055

Check Content

Verify RHEL 10 loads the CAC driver with the following command:

$ sudo opensc-tool --get-conf-entry app:default:card_drivers
cac

If "cac" is not listed as a card driver, or no line is returned for "card_drivers", this is a finding.

Fix Text

Configure RHEL 10 to load the CAC driver:

$ sudo opensc-tool --set-conf-entry app:default:card_drivers:cac

Restart the pcscd service with the following command for the changes to take effect:

$ sudo systemctl restart pcscd