The AIX operating system must be configured to use Multi Factor Authentication for remote connections.


Overview

Finding ID: V-215438
Version: AIX7-00-003202
Rule ID: SV-215438r508663_rule
IA Controls: (none listed)
Severity: Medium
Description
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
STIG: IBM AIX 7.x Security Technical Implementation Guide
Date: 2021-06-16

Details

Check Text ( C-16636r294765_chk )
Verify SSH is configured to use multi factor authentication:

# grep ^sshd /etc/pam.conf | head -3

sshd auth required pam_ckfile
sshd auth required pam_permission file=/etc/security/access.conf found=allow
sshd auth required pam_pmfa /etc/security/pmfa/pam_pmfa.conf

If the output does not match the lines above, or if any of the lines are missing or commented out, this is a finding.
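
The check above in script form, added here as an example and not part of the STIG text. It reads pam.conf content on standard input and compares the first three active sshd entries with the expected lines after collapsing whitespace; the function names and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the STIG): scripted form of the V-215438 check.

# The three entries the check text expects, fields joined by single spaces.
EXPECTED='sshd auth required pam_ckfile
sshd auth required pam_permission file=/etc/security/access.conf found=allow
sshd auth required pam_pmfa /etc/security/pmfa/pam_pmfa.conf'

# Read pam.conf content on stdin and print the first three active sshd
# entries, like `grep ^sshd | head -3`, with runs of blanks or tabs collapsed
# so column alignment does not cause a false finding. Lines starting with '#'
# do not match the ^sshd anchor, so commented-out entries are skipped.
first_sshd_entries() {
    awk '/^sshd[ \t]/ { $1 = $1; print; if (++n == 3) exit }'
}

# Return 0 when the entries match exactly and in order, 1 for a finding.
# Leaves the entries that were found in $actual for the caller.
check_sshd_mfa() {
    actual=$(first_sshd_entries)
    [ "$actual" = "$EXPECTED" ]
}

# Print a verdict for the content on stdin; on a finding, show what was found.
report_sshd_mfa() {
    if check_sshd_mfa; then
        echo "PASS: sshd PAM stack matches the required entries"
    else
        echo "FINDING: first three active sshd entries were:"
        echo "${actual:-<none>}" | sed 's/^/  /'
        return 1
    fi
}

# Constructed sample (not from a real host): tab-separated fields, and the
# pam_pmfa entry is commented out, so the verdict is a finding.
report_sshd_mfa <<'EOF' || true
sshd	auth	required	pam_ckfile
sshd	auth	required	pam_permission file=/etc/security/access.conf found=allow
#sshd	auth	required	pam_pmfa /etc/security/pmfa/pam_pmfa.conf
sshd	account	required	pam_aix
EOF
```

On a host, run `report_sshd_mfa < /etc/pam.conf`; a non-zero exit status marks a finding.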
Fix Text (F-16634r294766_fix)
Add or update the following lines in the /etc/pam.conf file:

sshd auth required pam_ckfile
sshd auth required pam_permission file=/etc/security/access.conf found=allow
sshd auth required pam_pmfa /etc/security/pmfa/pam_pmfa.conf