800-53|IA-5(13)

Title

EXPIRATION OF CACHED AUTHENTICATORS

Description

The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.3.6.5 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.23 Ensure that the --service-account-lookup argument is set to true | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.23 Ensure that the --service-account-lookup argument is set to true | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.23 Ensure that the --service-account-lookup argument is set to true | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.24 Ensure that the --service-account-lookup argument is set to true | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | Windows | CIS Windows 7 Workstation Level 2 v3.2.0 |
| 2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 |
| 2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only) | Windows | CIS Microsoft Windows Server 2016 MS L2 v1.4.0 |
| 2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only) | Windows | CIS Windows Server 2012 R2 MS L2 v2.6.0 |
| 2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only) | Windows | CIS Windows Server 2012 MS L2 v2.4.0 |
| 2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only) - 4 or fewer logon(s) | Windows | CIS Microsoft Windows Server 2019 MS L2 v1.3.0 |
| 2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only) - 4 or fewer logon(s) | Windows | CIS Microsoft Windows Server 2022 v1.0.0 L2 MS |
| 2.3.7.7 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 |
| 2.3.7.7 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG |
| 2.3.7.7 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + NG |
| 2.3.7.7 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL |
| 3.1.16 Ensure that the --service-account-lookup argument is set to true | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 3.1.16 Ensure that the --service-account-lookup argument is set to true | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 5.3.1 Ensure password creation requirements are configured - 'try_first_pass' | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 5.3.1 Ensure password creation requirements are configured - 'try_first_pass' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 5.4 Automatically lock the login keychain for inactivity | Unix | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 |
| 5.4 Automatically lock the login keychain for inactivity | Unix | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 |
| 5.4 Automatically lock the login keychain for inactivity | Unix | CIS Apple OSX 10.9 L2 v1.3.0 |
| 5.5 Ensure login keychain is locked when the computer sleeps | Unix | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 |
| 5.5 Ensure login keychain is locked when the computer sleeps | Unix | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 |
| 5.5 Ensure login keychain is locked when the computer sleeps | Unix | CIS Apple OSX 10.9 L2 v1.3.0 |
| 5.5 NFS - 'wafl.wcc_minutes_valid has been configured' | NetApp | TNS NetApp Data ONTAP 7G |
| 5.6 Ensure login keychain is locked when the computer sleeps | Unix | CIS Apple macOS 10.12 L2 v1.2.0 |
| 5.6 Ensure login keychain is locked when the computer sleeps | Unix | CIS Apple macOS 10.13 L2 v1.1.0 |
| 18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 |
| 18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0 |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Stand-alone v1.12.0 L1 + NG |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + BL + NG |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + BL |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + NG |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 + BL |
| 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 + BL + NG |
| AIX7-00-001046 - If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day - group cache | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-001046 - If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day - user cache | Unix | DISA STIG AIX 7.x v2r6 |
| Big Sur - Disable FileVault Automatic Login | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low |
| Big Sur - Disable FileVault Automatic Login | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Disable FileVault Automatic Login | Unix | NIST macOS Big Sur v1.4.0 - 800-171 |
| Big Sur - Disable FileVault Automatic Login | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |