Puppet Class: cis_security_hardening::rules::opensc_pkcs11

Defined in:
manifests/rules/opensc_pkcs11.pp

Summary

Ensure the opensc-pcks11 is installed

Overview

The operating system must accept Personal Identity Verification (PIV) credentials.

Rationale: The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.

DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making he CAC a primary component of layered protection for national security systems.

Examples:

class { 'cis_security_hardening::rules::opensc_pkcs11':
  enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule.



23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'manifests/rules/opensc_pkcs11.pp', line 23

class cis_security_hardening::rules::opensc_pkcs11 (
  Boolean $enforce = false,
) {
  if $enforce {
    $pkgs = $facts['os']['name'].downcase() ? {
      'redhat' => ['opensc'],
      default  => ['opensc-pkcs11'],
    }

    ensure_packages($pkgs, {
        ensure => present,
    })
  }
}