{"description": "\nThe <code>opensc-pkcs11</code> package can be installed with the following command:\n<pre>\n$ apt-get install opensc-pkcs11</pre>", "rationale": "Using an authentication device, such as a CAC or token that is separate from\nthe information system, ensures that even if the information system is\ncompromised, that compromise will not affect credentials stored on the\nauthentication device.\n<br /><br />\nMultifactor solutions that require devices separate from\ninformation systems gaining access include, for example, hardware tokens\nproviding time-based or challenge-response authenticators and smart cards\nor similar secure authentication devices issued by an organization or identity provider.", "severity": "medium", "references": {"nist": ["CM-6(a)"], "srg": ["SRG-OS-000375-GPOS-00160", "SRG-OS-000376-GPOS-00161"], "ism": ["1386"], "stigid": ["UBTU-22-612015"], "stigref": ["SV-260574r958816_rule"]}, "control_references": {"ism": ["1386"], "stigid": ["UBTU-22-612015"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is not installed", "ocil": " Run the following command to determine if the <code>opensc-pkcs11</code> package is installed: <pre>$ dpkg -l  opensc-pkcs11</pre>", "oval_external_content": null, "fixtext": "\nThe <code>opensc-pkcs11</code> package can be installed with the following command:\n<pre>\n$ apt-get install opensc-pkcs11</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "\n\nUbuntu 22.04 must have the opensc-pkcs11 package installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must have the opensc package installed.", "vuldiscussion": "The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.\n\nThe DOD has mandated the use of the common access card (CAC) to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems.", "checktext": "Verify that Ubuntu 22.04 has the opensc package installed with the following command:\n\n$ dnf list --installed opensc\n\nExample output:\n\nopensc.x86_64          0.22.0-2.el9\n\nIf the \"opensc\" package is not installed, this is a finding.", "fixtext": "The opensc package can be installed with the following command:\n\n$ sudo dnf install opensc"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Install the opensc Package For Multifactor Authentication", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml", "template": {"name": "package_installed", "vars": {"pkgname": "opensc-pkcs11"}, "backends": {}}}