800-53|IA-5(13)

Title

EXPIRATION OF CACHED AUTHENTICATORS

Description

The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.1.1.1 Configure 'Maximum lifetime for service ticket'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.1.1.3 Configure 'Maximum lifetime for user ticket'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.1.1.5 Configure 'Maximum lifetime for user ticket renewal'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.2.1.71 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '0'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.2.1.71 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '0'	Windows	CIS Windows 2003 MS v3.1.0
1.1.3.6.5 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.12 Maximum lifetime for service ticket	Windows	CIS Windows 2008 SSLF v1.2.0
1.1.12 Maximum lifetime for service ticket - Domain Controller	Windows	CIS Windows 2008 Enterprise v1.2.0
1.1.13 Maximum lifetime for user ticket renewal	Windows	CIS Windows 2008 SSLF v1.2.0
1.1.13 Maximum lifetime for user ticket renewal - Domain Controller	Windows	CIS Windows 2008 Enterprise v1.2.0
1.1.14 Maximum lifetime for user ticket	Windows	CIS Windows 2008 SSLF v1.2.0
1.1.14 Maximum lifetime for user ticket - Domain Controller	Windows	CIS Windows 2008 Enterprise v1.2.0
1.1.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.24 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.3.4.1.1 Configure 'Do not allow passwords to be saved'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.4.1.1 Configure 'Do not allow passwords to be saved'	Windows	CIS Windows 2003 MS v3.1.0
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.26 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.27 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
1.4.14.8 Secure Remote Login 'GSSAPICleanupCredentials'	Unix	CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0
1.9.23 Interactive logon: Number of previous logons to cache (in case a domain controller is not available)	Windows	CIS Windows 2008 SSLF v1.2.0
1.9.23 Interactive logon: Number of previous logons to cache (in case domain controller is not available)	Windows	CIS Windows 2008 Enterprise v1.2.0
1.10.4 Do not allow passwords to be saved	Windows	CIS Windows 2008 SSLF v1.2.0
1.10.4 Do not allow passwords to be saved	Windows	CIS Windows 2008 Enterprise v1.2.0
18.9.58.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
18.9.58.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL

Detections

Analytics

800-53|IA-5(13)

Title

Description

Reference Item Details

Audit Items