The AIX operating system must use Multi Factor Authentication.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215436 | SRG-OS-000105-GPOS-00052 | AIX7-00-003200 | SV-215436r1009557_rule | 2026-02-06 | 3 |
Description
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system.
Multifactor authentication uses two or more factors to achieve authentication.
Factors include:
1. Something you know (e.g., password/PIN);
2. Something you have (e.g., cryptographic identification device, token); and
3. Something you are (e.g., biometric).
The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160
ℹ️ Check
Verify that all required packages are installed:
# lslpp -l |grep -i powerscmfa
powerscMFA.license 1.2.0.1 COMMITTED PowerSC MFA license files
powerscMFA.pam.base 1.2.0.1 COMMITTED PowerSC MFA standard inband
powerscMFA.pam.fallback 1.2.0.1 COMMITTED PowerSC MFA Password fallback
powerscMFA.pam.pmfamapper 1.2.0.1 COMMITTED USB Smartcard Interface to
powerscMFA.pam.usbsmartcard
If any of the above packages are not installed, this is a finding.
✔️ Fix
Install the IBM PowerSC MFA product.