800-53|IA-5(13)

Title

EXPIRATION OF CACHED AUTHENTICATORS

Description

The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.6.5 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.24 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2019 v3.0.0 L2 Member Server
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2016 v3.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Windows Server 2012 MS L2 v3.0.0
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Windows Server 2012 R2 MS L2 v3.0.0
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L2
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG
2.3.7.7 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
3.1.16 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
3.1.16 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
3.11.36.3.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
3.11.36.3.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
5.3.1 Ensure password creation requirements are configured - 'try_first_pass'UnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.3.1 Ensure password creation requirements are configured - 'try_first_pass'UnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4 Automatically lock the login keychain for inactivityUnixCIS Apple OSX 10.9 L2 v1.3.0
5.4 Automatically lock the login keychain for inactivityUnixCIS Apple OSX 10.11 El Capitan L2 v1.1.0
5.4 Automatically lock the login keychain for inactivityUnixCIS Apple OSX 10.10 Yosemite L2 v1.2.0
5.5 Ensure login keychain is locked when the computer sleepsUnixCIS Apple OSX 10.11 El Capitan L2 v1.1.0
5.5 Ensure login keychain is locked when the computer sleepsUnixCIS Apple OSX 10.9 L2 v1.3.0
5.5 Ensure login keychain is locked when the computer sleepsUnixCIS Apple OSX 10.10 Yosemite L2 v1.2.0
5.5 NFS - 'wafl.wcc_minutes_valid has been configured'NetAppTNS NetApp Data ONTAP 7G
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.57.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.57.2.3 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.10.57.2.3 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL