Clean Up Opensc Rules in RHEL 10

components/opensc.yml

@@ -10,6 +10,7 @@ rules:
 - install_smartcard_packages
 - package_opensc_installed
 - package_pcsc-lite_installed
+- package_pcsc-lite-ccid_installed
 - service_pcscd_enabled
 - smartcard_auth
 - smartcard_configure_ca

components/pcsc-lite.yml

@@ -1,6 +1,8 @@
 name: pcsc-lite
 packages:
 - pcsc-lite
+- pcsc-lite-ccid
 rules:
 - package_pcsc-lite_installed
+- package_pcsc-lite-ccid_installed
 - service_pcscd_enabled

controls/ism_o.yml

@@ -318,6 +318,7 @@ controls:
             - force_opensc_card_drivers
             - package_opensc_installed
             - package_pcsc-lite_installed
+            - package_pcsc-lite-ccid_installed
             - package_sudo_installed
             - service_pcscd_enabled
         status: partial

controls/srg_gpos/SRG-OS-000375-GPOS-00160.yml

@@ -12,5 +12,6 @@ controls:
             - install_smartcard_packages
             - package_opensc_installed
             - package_pcsc-lite_installed
+            - package_pcsc-lite-ccid_installed
             - service_pcscd_enabled
         status: automated

linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite-ccid_installed/rule.yml

@@ -0,0 +1,37 @@
+documentation_complete: true
+
+title: 'Install the pcsc-lite-ccid package'
+
+description: |-
+    {{{ describe_package_install(package="pcsc-lite-ccid") }}}
+
+rationale: |-
+    The pcsc-lite-ccid package must be installed if it is to be available for
+    multifactor authentication using smartcards.
+
+severity: medium
+
+identifiers:
+    cce@rhel8: CCE-86243-3
+    cce@rhel9: CCE-86246-6
+    cce@rhel10: CCE-86250-8
+
+references:
+    disa: CCI-004046
+    ism: 1382,1384,1386
+    nist: CM-6(a)
+    srg: SRG-OS-000375-GPOS-00160
+
+ocil_clause: 'the package is not installed'
+
+ocil: '{{{ ocil_package(package="pcsc-lite-ccid") }}}'
+
+template:
+    name: package_installed
+    vars:
+        pkgname: pcsc-lite-ccid
+
+fixtext: |-
+    {{{ fixtext_package_installed(package="pcsc-lite-ccid") | indent(4) }}}
+
+srg_requirement: '{{{ srg_requirement_package_installed("pcsc-lite-ccid") }}}'

products/rhel10/profiles/ism_o.profile

@@ -44,3 +44,5 @@ selections:
     - '!openssl_use_strong_entropy'
     # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
     - '!enable_dracut_fips_module'
+    # This rule is not applicable for RHEL 10
+    - '!force_opensc_card_drivers'

products/rhel10/profiles/ism_o_secret.profile

@@ -46,3 +46,5 @@ selections:
     - '!openssl_use_strong_entropy'
     # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
     - '!enable_dracut_fips_module'
+    # This rule is not applicable for RHEL 10
+    - '!force_opensc_card_drivers'

products/rhel10/profiles/ism_o_top_secret.profile

@@ -44,3 +44,5 @@ selections:
     - '!openssl_use_strong_entropy'
     # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
     - '!enable_dracut_fips_module'
+    # This rule is not applicable for RHEL 10
+    - '!force_opensc_card_drivers'

shared/references/cce-redhat-avail.txt

@@ -21,9 +21,6 @@ CCE-86213-6
 CCE-86214-4
 CCE-86216-9
 CCE-86217-7
-CCE-86243-3
-CCE-86246-6
-CCE-86250-8
 CCE-86253-2
 CCE-86254-0
 CCE-86268-0