The AIX operating system must use Multi Factor Authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215436 | AIX7-00-003200 | SV-215436r508663_rule | Medium |
| Description |
|---|
| To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160 |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2022-06-06 |
Details
| Check Text ( C-16634r294759_chk ) |
|---|
| Verify that all required packages are installed: # lslpp -l |grep -i powerscmfa powerscMFA.license 1.2.0.1 COMMITTED PowerSC MFA license files powerscMFA.pam.base 1.2.0.1 COMMITTED PowerSC MFA standard inband powerscMFA.pam.fallback 1.2.0.1 COMMITTED PowerSC MFA Password fallback powerscMFA.pam.pmfamapper 1.2.0.1 COMMITTED USB Smartcard Interface to powerscMFA.pam.usbsmartcard If any of the above packages are not installed, this is a finding. |
| Fix Text (F-16632r294760_fix) |
|---|
| Install the IBM PowerSC MFA product. |