AlmaLinux OS 9 must use the CAC smart card driver.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269375	SRG-OS-000107-GPOS-00054	ALMA-09-034340	SV-269375r1050258_rule	2025-02-20	1

Description
Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

Description

Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. Satisfies: SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058

ℹ️ Check
Verify that AlmaLinux OS 9 loads the CAC driver with the following command: $ grep card_drivers /etc/opensc.conf card_drivers = cac; If "cac" is not listed as a card driver, or there is no line returned for "card_drivers", this is a finding.

✔️ Fix
Configure AlmaLinux OS 9 to load the CAC driver. Add or modify the following line in the "/etc/opensc.conf" file: card_drivers = cac;