STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Red Hat Enterprise Linux 9 Security Technical Implementation Guide

V-258121

CAT II (Medium)

RHEL 9 must use the common access card (CAC) smart card driver.

Rule ID

SV-258121r1155682_rule

STIG

Red Hat Enterprise Linux 9 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-000764CCI-000766CCI-000765CCI-004045CCI-001941CCI-000767CCI-000768CCI-000770CCI-001942

Discussion

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

Check Content

Verify RHEL loads the CAC driver with the following command:

$ sudo opensc-tool --get-conf-entry app:default:card_drivers

cac

If "cac" is not listed as a card driver, or no line is returned for "card_drivers", this is a finding.

Fix Text

Configure RHEL 9 to load the CAC driver.

$ sudo opensc-tool --set-conf-entry app:default:card_drivers:cac

Restart the pcscd service to apply the changes:

$ sudo systemctl restart pcscd