UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The AIX operating system must use Multi Factor Authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-92941 AIX7-00-003200 SV-103029r1_rule Medium
Description
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2020-02-24

Details

Check Text ( C-92259r1_chk )
Verify that all required packages are installed:

# lslpp -l |grep -i powerscmfa

powerscMFA.license 1.2.0.1 COMMITTED PowerSC MFA license files
powerscMFA.pam.base 1.2.0.1 COMMITTED PowerSC MFA standard inband
powerscMFA.pam.fallback 1.2.0.1 COMMITTED PowerSC MFA Password fallback
powerscMFA.pam.pmfamapper 1.2.0.1 COMMITTED USB Smartcard Interface to
powerscMFA.pam.usbsmartcard

If any of the above packages are not installed, this is a finding.
Fix Text (F-99187r1_fix)
Install the IBM PowerSC MFA product.