RHEL 10 must have the "pcscd" socket set to active.

STIG ID: RHEL-10-200611  |  SRG: SRG-OS-000375-GPOS-00160 |  Severity: medium (CAT II)  |  CCI: CCI-004046 |  Vulnerability Id: V-280973

Vulnerability Discussion

The information system ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.

The daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a resource manager that coordinates communications with smart card readers and smart cards and cryptographic tokens that are connected to the system.

Check

Verify RHEL 10 has the "pcscd" socket set to active with the following command:

$ systemctl is-active pcscd.socket
active

If the "pcscd" socket is not active, this is a finding.

Fix

Configure RHEL 10 to have the "pcscd" socket set to active with the following command:

$ sudo systemctl enable --now pcscd.socket