{"description": "The OpenSC smart card middleware can auto-detect smart card drivers; however by\nforcing the smart card driver in use by your organization, opensc will no longer\nautodetect or use other drivers unless specified. This helps to prevent\nusers from using unauthorized smart cards. The default smart card driver for this\nprofile is <tt><sub idref=\"var_smartcard_drivers\" /></tt>.\nTo force the OpenSC driver, edit the <tt>/etc/opensc.conf</tt>.\nLook for a line similar to:\n<pre># force_card_driver = customcos;</pre>\nand change it to:\n<pre>force_card_driver = <sub idref=\"var_smartcard_drivers\" />;</pre>", "rationale": "Smart card login provides two-factor authentication stronger than\nthat provided by a username and password combination. Smart cards leverage PKI\n(public key infrastructure) in order to provide and verify credentials.\nForcing the smart card driver in use by your organization helps to prevent\nusers from using unauthorized smart cards.", "severity": "medium", "references": {"cis-csc": ["1", "12", "15", "16", "5"], "cobit5": ["DSS05.04", "DSS05.05", "DSS05.07", "DSS05.10", "DSS06.03", "DSS06.10"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.2", "4.3.3.7.4"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1"], "iso27001-2013": ["A.18.1.4", "A.7.1.1", "A.9.2.1", "A.9.2.2", "A.9.2.3", "A.9.2.4", "A.9.2.6", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nist": ["IA-2(1)", "IA-2(2)", "IA-2(3)", "IA-2(4)", "IA-2(6)", "IA-2(7)", "IA-2(11)", "CM-6(a)"], "nist-csf": ["PR.AC-1", "PR.AC-6", "PR.AC-7"], "pcidss": ["Req-8.3"], "srg": ["SRG-OS-000104-GPOS-00051", "SRG-OS-000106-GPOS-00053", "SRG-OS-000107-GPOS-00054", "SRG-OS-000109-GPOS-00056", "SRG-OS-000108-GPOS-00055", "SRG-OS-000108-GPOS-00057", "SRG-OS-000108-GPOS-00058"], "ism": ["1386"]}, "control_references": {"ism": ["1386"]}, "components": [], "identifiers": {}, "ocil_clause": "the smart card driver is not configured correctly", "ocil": "To verify that <tt><sub idref=\"var_smartcard_drivers\" /></tt> is configured\nas the smart card driver, run the following command:\n<pre>$ grep force_card_driver /etc/opensc.conf</pre>\nThe output should return something similar to:\n<pre>force_card_driver = <sub idref=\"var_smartcard_drivers\" />;</pre>", "oval_external_content": null, "fixtext": "Edit \"/etc/opensc.conf\" and add or edit the following line:\n\nforce_card_driver = <sub idref=\"var_smartcard_drivers\" />;", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must use the <sub idref=\"var_smartcard_drivers\" /> smartcard driver.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Force opensc To Use Defined Smart Card Driver", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml", "template": null}