STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX operating system must use Multi Factor Authentication.

DISA Rule

SV-215436r508663_rule

Vulnerability Number

V-215436

Group Title

SRG-OS-000105-GPOS-00052

Rule Version

AIX7-00-003200

Severity

CAT II

CCI(s)

CCI-001948 - The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
CCI-000765 - The information system implements multifactor authentication for network access to privileged accounts.
CCI-000766 - The information system implements multifactor authentication for network access to non-privileged accounts.
CCI-000767 - The information system implements multifactor authentication for local access to privileged accounts.
CCI-000768 - The information system implements multifactor authentication for local access to non-privileged accounts.

Weight

Fix Recommendation

Install the IBM PowerSC MFA product.

Check Contents

Verify that all required packages are installed:

# lslpp -l |grep -i powerscmfa

powerscMFA.license 1.2.0.1 COMMITTED PowerSC MFA license files
powerscMFA.pam.base 1.2.0.1 COMMITTED PowerSC MFA standard inband
powerscMFA.pam.fallback 1.2.0.1 COMMITTED PowerSC MFA Password fallback
powerscMFA.pam.pmfamapper 1.2.0.1 COMMITTED USB Smartcard Interface to
powerscMFA.pam.usbsmartcard

If any of the above packages are not installed, this is a finding.

Vulnerability Number

V-215436

Documentable

False

Rule Version

AIX7-00-003200

Severity Override Guidance

Check Content Reference

Target Key

4012

The AIX operating system must use Multi Factor Authentication.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments