UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must use the common access card (CAC) smart card driver.


Overview

Finding ID Version Rule ID IA Controls Severity
V-258121 RHEL-09-611160 SV-258121r997105_rule Medium
Description
Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61862r926348_chk )
Verify that RHEL loads the CAC driver with the following command:

$ grep card_drivers /etc/opensc.conf

card_drivers = cac;

If "cac" is not listed as a card driver, or there is no line returned for "card_drivers", this is a finding.
Fix Text (F-61786r926349_fix)
Configure RHEL 9 to load the CAC driver.

Add or modify the following line in the "/etc/opensc.conf" file:

card_drivers = cac;