Vulnerability Discussion
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.
DOD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, and has made the CAC a primary component of layered protection for national security systems.
Satisfies: SRG-OS-000377-GPOS-00162, SRG-OS-000376-GPOS-00161, SRG-OS-000375-GPOS-00160, SRG-OS-000105-GPOS-00052
Check
Note: If the System Administrator demonstrates the use of an approved alternate multifactor authentication method, this requirement is Not Applicable.
Verify that AlmaLinux OS 9 has the openssl-pkcs11 package installed with the following command:
$ dnf list --installed openssl-pkcs11
Installed Packages
openssl-pkcs11.x86_64 0.4.11-7.el9 @baseos
If the "openssl-pkcs11" package is not installed, this is a finding.
Fix
The openssl-pkcs11 package can be installed with the following command:
$ sudo dnf install openssl-pkcs11