STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.

DISA Rule

SV-238230r653865_rule

Vulnerability Number

V-238230

Group Title

SRG-OS-000375-GPOS-00160

Rule Version

UBTU-20-010063

Severity

CAT II

CCI(s)

CCI-001948 - The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Weight

Fix Recommendation

Configure the Ubuntu operating system to implement multifactor authentication by installing the required packages.

Install the "libpam-pkcs11" package on the system with the following command:

$ sudo apt install libpam-pkcs11

Check Contents

Verify the Ubuntu operating system has the packages required for multifactor authentication installed with the following commands:

$ dpkg -l | grep libpam-pkcs11

ii libpam-pkcs11 0.6.8-4 amd64 Fully featured PAM module for using PKCS#11 smart cards

If the "libpam-pkcs11" package is not installed, this is a finding.

Vulnerability Number

V-238230

Documentable

False

Rule Version

UBTU-20-010063

Severity Override Guidance

Check Content Reference

Target Key

5318

The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments