OL6-00-000349 - The system must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication.

Information

Smart card login provides two-factor authentication stronger than that provided by a username/password combination. Smart cards leverage a PKI (public key infrastructure) in order to provide and verify credentials.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To enable smart card authentication, consult the documentation at:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/enabling-smart-card-login.html

For guidance on enabling SSH to authenticate against a Common Access Card (CAC), consult documentation at:

https://access.redhat.com/solutions/82273

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R7_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CAT|II, CCI|CCI-000765, Rule-ID|SV-209051r793772_rule, STIG-ID|OL6-00-000349, STIG-Legacy|SV-64845, STIG-Legacy|V-50639, Vuln-ID|V-209051

Plugin: Unix

Control ID: d93ebe4b4ce90964f6338a5c4c1955e60c3f9417ad74be56e6778c69dd7e3449