800-53|IA-11

Title

RE-AUTHENTICATION

Description

The organization requires users and devices to re-authenticate when [Assignment: organization-defined circumstances or situations requiring re-authentication].

Supplemental

In addition to the re-authentication requirements associated with session locks, organizations may require re-authentication of individuals and/or devices in other situations including, for example: (i) when authenticators change; (ii), when roles change; (iii) when security categories of information systems change; (iv), when the execution of privileged functions occurs; (v) after a fixed period of time; or (vi) periodically.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-11

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.64 UBTU-24-300021	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.66 OL08-00-010380	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.67 OL08-00-010381	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.70 OL08-00-010384	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.71 OL08-00-010385	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.88 UBTU-22-432010	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.134 APPL-14-004022	Unix	CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.138 APPL-14-004060	Unix	CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.305 RHEL-09-432015	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.307 RHEL-09-432025	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.309 RHEL-09-432035	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.326 RHEL-09-611085	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.337 RHEL-09-611145	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
3.070 - The system is configured to permit storage of credentials or .NET Passports.	Windows	DISA Windows Vista STIG v6r41
3.129 - User Account Control - Built In Admin Approval Mode	Windows	DISA Windows Vista STIG v6r41
3.131 - User Account Control - Behavior of elevation prompt for standard users.	Windows	DISA Windows Vista STIG v6r41
3.137 - User Account Control - Run all admins in Admin Approval Mode	Windows	DISA Windows Vista STIG v6r41
5.2.4 Ensure users must provide password for escalation	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
5.2.4 Ensure users must provide password for escalation	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.4.1 (L1) Ensure 'Self service password reset enabled' is set to 'All'	microsoft_azure	CIS Microsoft 365 Foundations v5.0.0 L1 E5
5.2.4.1 (L1) Ensure 'Self service password reset enabled' is set to 'All'	microsoft_azure	CIS Microsoft 365 Foundations v5.0.0 L1 E3
5.2.5 Ensure users must re-authenticate for privilege escalation	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
5.2.5 Ensure users must re-authenticate for privilege escalation	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Oracle Linux 8 v4.0.0 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Rocky Linux 8 v3.0.0 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS AlmaLinux OS 8 v4.0.0 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Rocky Linux 10 v1.0.0 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Oracle Linux 10 v1.0.0 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS AlmaLinux OS 10 v1.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS AlmaLinux OS 8 v4.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Oracle Linux 10 v1.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Rocky Linux 10 v1.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Rocky Linux 8 v3.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Server
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS Oracle Linux 8 v4.0.0 L1 Workstation
5.2.6 Ensure sudo timestamp_timeout is configured	Unix	CIS AlmaLinux OS 10 v1.0.0 L1 Server
5.2.7 Ensure sudo authentication timeout is configured	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
5.2.7 Ensure sudo authentication timeout is configured - sudo command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.9 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
5.2.9 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server
5.2.9 Ensure sudo timestamp_timeout is configured	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation
5.2.11 Ensure pam_succeed_if does not exist in /etc/pam.d/sudo	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
5.042 - Terminal Services is not configured to always prompt a client for passwords upon connection.	Windows	DISA Windows Vista STIG v6r41
5.116 - Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop Client	Windows	DISA Windows Vista STIG v6r41
5.224 - Power Mgmt - Password Wake on Battery	Windows	DISA Windows Vista STIG v6r41
5.225 - Power Mgmt - Password Wake When Plugged In	Windows	DISA Windows Vista STIG v6r41
7.2.10 (L1) Ensure reauthentication with verification code is restricted	microsoft_azure	CIS Microsoft 365 Foundations v5.0.0 L1 E3

Detections

Analytics