{"description": "\nThe <code>pcscd</code> service can be enabled with the following command:\n<pre>$ sudo systemctl enable pcscd.service</pre>", "rationale": "Using an authentication device, such as a CAC or token that is separate from\nthe information system, ensures that even if the information system is\ncompromised, that compromise will not affect credentials stored on the\nauthentication device.\n<br /><br />\nMultifactor solutions that require devices separate from\ninformation systems gaining access include, for example, hardware tokens\nproviding time-based or challenge-response authenticators and smart cards\nor similar secure authentication devices issued by an organization or identity provider.", "severity": "medium", "references": {"nist": ["IA-2(1)", "IA-2(2)", "IA-2(3)", "IA-2(4)", "IA-2(6)", "IA-2(7)", "IA-2(11)", "CM-6(a)"], "pcidss": ["Req-8.3"], "srg": ["SRG-OS-000375-GPOS-00160"], "ism": ["1386"]}, "control_references": {"ism": ["1386"]}, "components": [], "identifiers": {}, "ocil_clause": "the pcscd service is not enabled", "ocil": "\n\nRun the following command to determine the current status of the\n<code>pcscd</code> service:\n<pre>$ sudo systemctl is-active pcscd</pre>\nIf the service is running, it should return the following: <pre>active</pre>", "oval_external_content": null, "fixtext": "To enable the pcscd service run the following command:\n\n$ sudo systemctl enable --now pcscd", "checktext": "", "vuldiscussion": "", "srg_requirement": "The Ubuntu 22.04 service pcscd must be enabled.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "The pcscd service on Ubuntu 22.04 must be active.", "vuldiscussion": "The information system ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.\n\nThe daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a resource manager that coordinates communications with smart card readers and smart cards and cryptographic tokens that are connected to the system.", "checktext": "Verify that the \"pcscd\" socket is active with the following command:\n\n$ systemctl is-active pcscd.socket\n\nactive\n\nIf the pcscd socket is not active, this is a finding.", "fixtext": "To enable the pcscd socket, run the following command:\n\n$ sudo systemctl enable --now pcscd.socket"}}, "platform": null, "platforms": [], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_pcscd_enabled.sh", "relative_path": "ubuntu2204/checks/sce/service_pcscd_enabled.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Enable the pcscd Service", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml", "template": {"name": "service_enabled", "vars": {"servicename": "pcscd", "packagename": "pcsc-lite"}, "backends": {}}}