{"description": "The OpenSC smart card tool can auto-detect smart card drivers; however,\nsetting the smart card drivers in use by your organization helps to prevent\nusers from using unauthorized smart cards. The default smart card driver for this\nprofile is .\nTo configure the OpenSC driver, edit the /etc/opensc.conf\nand add the following line into the file in the app default block,\nso it will look like:\n\n\napp default {\n ...\n card_drivers = ;\n}\n", "rationale": "Smart card login provides two-factor authentication stronger than\nthat provided by a username and password combination. Smart cards leverage PKI\n(public key infrastructure) in order to provide and verify credentials.\nConfiguring the smart card driver in use by your organization helps to prevent\nusers from using unauthorized smart cards.", "severity": "medium", "references": {"cis-csc": ["1", "12", "15", "16", "5"], "cobit5": ["DSS05.04", "DSS05.05", "DSS05.07", "DSS05.10", "DSS06.03", "DSS06.10"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.2", "4.3.3.7.4"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1"], "iso27001-2013": ["A.18.1.4", "A.7.1.1", "A.9.2.1", "A.9.2.2", "A.9.2.3", "A.9.2.4", "A.9.2.6", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nist": ["IA-2(1)", "IA-2(2)", "IA-2(3)", "IA-2(4)", "IA-2(6)", "IA-2(7)", "IA-2(11)", "CM-6(a)"], "nist-csf": ["PR.AC-1", "PR.AC-6", "PR.AC-7"], "pcidss": ["Req-8.3"], "srg": ["SRG-OS-000104-GPOS-00051", "SRG-OS-000106-GPOS-00053", "SRG-OS-000107-GPOS-00054", "SRG-OS-000109-GPOS-00056", "SRG-OS-000108-GPOS-00055", "SRG-OS-000108-GPOS-00057", "SRG-OS-000108-GPOS-00058"], "ism": ["1386"]}, "control_references": {"ism": ["1386"]}, "components": [], "identifiers": {}, "ocil_clause": "\"\" is not listed as a card driver, or there is no line returned for \"card_drivers\"", "ocil": "Verify that Ubuntu 22.04 loads the driver with the following command:\n\n$ grep card_drivers /etc/opensc.conf
\n\ncard_drivers = ;
", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to load the driver.\n\nAdd, or modify the following line in the \"/etc/opensc.conf\" file:\n\ncard_drivers = ;", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must use the smartcard driver.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must use the cac smartcard driver.", "vuldiscussion": "Smart card login provides two-factor authentication stronger than\nthat provided by a username and password combination. Smart cards leverage public key infrastructure in order to provide and verify credentials.\nConfiguring the smart card driver in use by your organization helps to prevent users from using unauthorized smart cards.", "checktext": "Verify that Ubuntu 22.04 loads the cac driver with the following command:\n\n$ grep card_drivers /etc/opensc.conf\n\ncard_drivers = cac;\n\nIf \"cac\" is not listed as a card driver, or there is no line returned for \"card_drivers\", this is a finding.", "fixtext": "Configure Ubuntu 22.04 to load the cac driver.\n\nAdd, or modify the following line in the \"/etc/opensc.conf\" file:\n\ncard_drivers = cac;"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure opensc Smart Card Drivers", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml", "template": null}