{"description": "Configure the operating system to implement multifactor authentication by\ninstalling the required package with the following command:\n\nThe <code>libpam-pkcs11</code> package can be installed with the following command:\n<pre>\n$ apt-get install libpam-pkcs11</pre>", "rationale": "Using an authentication device, such as a CAC or token that is separate from\nthe information system, ensures that even if the information system is\ncompromised, that compromise will not affect credentials stored on the\nauthentication device.\n<br /><br />\nMultifactor solutions that require devices separate from\ninformation systems gaining access include, for example, hardware tokens\nproviding time-based or challenge-response authenticators and smart cards\nor similar secure authentication devices issued by an organization or identity provider.", "severity": "medium", "references": {"nist": ["CM-6(a)"], "pcidss": ["Req-8.3"], "srg": ["SRG-OS-000105-GPOS-00052", "SRG-OS-000375-GPOS-00160", "SRG-OS-000375-GPOS-00161", "SRG-OS-000377-GPOS-00162"], "stigid": ["UBTU-22-612010"], "stigref": ["SV-260573r1015019_rule"]}, "control_references": {"stigid": ["UBTU-22-612010"]}, "components": [], "identifiers": {}, "ocil_clause": "smartcard software is not installed", "ocil": "Check that Ubuntu 22.04 has the packages for smart card support installed.\n\n\nRun the following command to determine if the <code>libpam-pkcs11</code> package is installed:\n<pre>$ dpkg -l  libpam-pkcs11</pre>", "oval_external_content": null, "fixtext": "The <code>libpam-pkcs11</code> package can be installed with the following command:\n<pre>\n$ apt-get install libpam-pkcs11</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must have the packages required for multifactor authentication installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must have the openssl-pkcs11 package installed.", "vuldiscussion": "Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD common access card (CAC) with DOD-approved PKI is an example of multifactor authentication.", "checktext": "Note: If the system administrator demonstrates the use of an approved alternate multifactor authentication method, this requirement is Not Applicable.\n\nVerify that Ubuntu 22.04 has the openssl-pkcs11 package installed with the following command:\n\n$ dnf list --installed openssl-pkcs11\n\nExample output:\n\nopenssl-pkcs.i686          0.4.11-7.el9\nopenssl-pkcs.x86_64          0.4.11-7.el9\n\nIf the \"openssl-pkcs11\" package is not installed, this is a finding.", "fixtext": "The openssl-pkcs11 package can be installed with the following command:\n\n$ sudo dnf install openssl-pkcs11"}}, "platform": "not_s390x_arch", "platforms": ["not_s390x_arch"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["not_s390x_arch"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Install Smart Card Packages For Multifactor Authentication", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml", "template": {"name": "package_installed", "vars": {"pkgname": "libpam-pkcs11"}, "backends": {}}}