UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The AIX operating system must be configured to authenticate using Multi Factor Authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-92943 AIX7-00-003201 SV-103031r1_rule Medium
Description
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2019-04-29

Details

Check Text ( C-92261r1_chk )
Verify the global "auth_type" is configured to use PAM:

# grep auth_type /etc/security/login.cfg |grep AUTH

auth_type = PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.


Verify that the user stanza is configured to use PAM:

# lssec -f /etc/security/login.cfg -susw -a auth_type

usw auth_type=PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.
Fix Text (F-99189r1_fix)
Run the following command to set the global and user stanza "auth_type":

# chsec -f /etc/security/login.cfg -susw -a auth_type=PAM_AUTH