← Back to Oracle Linux 9 Security Technical Implementation Guide

V-271610

CAT II (Medium)

OL 9 must use the CAC smart card driver.

Rule ID

SV-271610r1091542_rule

STIG

Oracle Linux 9 Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000764 CCI-000766 CCI-000765 CCI-004045 CCI-001941

Discussion

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

Check Content

Verify that OL 9 loads the CAC driver with the following command:

$ grep card_drivers /etc/opensc.conf
card_drivers = cac; 

If "cac" is not listed as a card driver, or there is no line returned for "card_drivers", this is a finding.

Fix Text

Configure OL 9 to load the CAC driver.

Add or modify the following line in the "/etc/opensc.conf" file:

card_drivers = cac;