CCI|CCI-002007

Title

Prohibit the use of cached authenticators after an organization-defined time period.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.24 IBMW-LS-000970UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT II
1.59 SLES-15-010490UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.60 SLES-15-010500UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.69 AZLX-23-001305UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.69 MADB-10-008300MySQLDBCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT II MySQLDB
1.91 UBTU-24-400340UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.110 UBTU-22-631015UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.174 OL09-00-000935UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.193 OL08-00-020290UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.302 ALMA-09-038630UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.350 RHEL-09-631020UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.400 RHEL-10-701290UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
AIOS-18-011500 - Apple iOS/iPadOS 18 must implement the management setting: treat AirDrop as an unmanaged destination.MDMMobileIron - DISA Apple iOS/iPadOS 18 v2r3
AIOS-18-011500 - Apple iOS/iPadOS 18 must implement the management setting: treat AirDrop as an unmanaged destination.MDMAirWatch - DISA Apple iOS/iPadOS 18 v2r3
AIOS-18-011600 - Apple iOS/iPadOS 18 must implement the management setting: not have any Family Members in Family Sharing.MDMAirWatch - DISA Apple iOS/iPadOS 18 v2r3
AIOS-18-011600 - Apple iOS/iPadOS 18 must implement the management setting: not have any Family Members in Family Sharing.MDMMobileIron - DISA Apple iOS/iPadOS 18 v2r3
AIOS-26-011500 - Apple iOS/iPadOS 26 must implement the management setting: treat AirDrop as an unmanaged destination.MDMMobileIron - DISA Apple iOS/iPadOS 26 v1r3
AIOS-26-011500 - Apple iOS/iPadOS 26 must implement the management setting: treat AirDrop as an unmanaged destination.MDMAirWatch - DISA Apple iOS/iPadOS 26 v1r3
AIOS-26-011600 - Apple iOS/iPadOS 26 must implement the management setting: not have any Family Members in Family Sharing.MDMAirWatch - DISA Apple iOS/iPadOS 26 v1r3
AIOS-26-011600 - Apple iOS/iPadOS 26 must implement the management setting: not have any Family Members in Family Sharing.MDMMobileIron - DISA Apple iOS/iPadOS 26 v1r3
AIX7-00-001046 - If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day.UnixDISA IBM AIX 7.x STIG v3r2
ALMA-09-038630 - AlmaLinux OS 9 must prohibit the use of cached authenticators after one day.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
ARBA-ND-000313 - AOS must prohibit the use of cached authenticators after an organization-defined time period.ArubaOSDISA HPE Aruba Networking AOS NDM STIG v1r1
AZLX-23-001305 - Amazon Linux 2023 must prohibit the use of cached authenticators after one day.UnixDISA Amazon Linux 2023 STIG v1r3
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutesUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutesUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DTOO237 - Outlook - The 'remember password' for internet e-mail accounts must be disabled.WindowsDISA Microsoft Outlook 2010 STIG v1r14
DTOO237 - The remember password for internet e-mail accounts must be disabled.WindowsDISA STIG Microsoft Outlook 2016 v2r4
DTOO237 - The remember password for internet e-mail accounts must be disabled.WindowsDISA STIG Microsoft Outlook 2013 v1r14
EDGE-00-000043 - The Password Manager must be disabled.WindowsDISA STIG Edge v2r3
EDGE-00-000043 - The Password Manager must be disabled.WindowsDISA Microsoft Edge STIG v2r5
F5BI-DM-300055 - The F5 BIG-IP appliance must prohibit the use of cached authenticators after eight hours or less.F5DISA F5 BIG-IP TMOS NDM STIG v1r2
IBMW-LS-000970 - The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period.UnixDISA IBM WebSphere Liberty Server STIG v2r4
IBMW-LS-000970 - The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period.UnixDISA IBM WebSphere Liberty Server STIG v2r2
JUEX-NM-000500 - The Juniper EX switch must be configured to prohibit the use of cached authenticators after an organization-defined time period.JuniperDISA Juniper EX Series Network Device Management v2r4
MADB-10-008300 - MariaDB must prohibit the use of cached authenticators after an organization-defined time period.MySQLDBDISA MariaDB Enterprise 10.x STIG v2r5 MySQLDB
MD3X-00-000710 - MongoDB must prohibit the use of cached authenticators after an organization-defined time period.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-005700 - MongoDB must prohibit the use of cached authenticators after an organization-defined time period.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MYS8-00-010300 - The MySQL Database Server 8.0 must prohibit the use of cached authenticators after an organization-defined time period.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
OL08-00-020290 - OL 8 must prohibit the use of cached authentications after one day.UnixDISA Oracle Linux 8 STIG v2r8
OL09-00-000935 - OL 9 must prohibit the use of cached authenticators after one day.UnixDISA Oracle Linux 9 STIG v1r5
OS10-NDM-000760 - The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.Dell_OS10DISA Dell OS10 Switch NDM STIG v1r1
PHTN-67-000066 - The Photon operating system must prohibit the use of cached authenticators after one day.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-08-020290 - RHEL 8 must prohibit the use of cached authentications after one day.UnixDISA Red Hat Enterprise Linux 8 STIG v2r7
RHEL-09-631020 - RHEL 9 must prohibit the use of cached authenticators after one day.UnixDISA Red Hat Enterprise Linux 9 STIG v2r8
RHEL-10-701290 - RHEL 10 must prohibit the use of cached authenticators after one day.UnixDISA Red Hat Enterprise Linux 10 STIG v1r1
SLEM-05-631010 - If Network Security Services (NSS) is being used by SLEM 5 it must prohibit the use of cached authentications after one day.UnixDISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4
SLEM-05-631015 - SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.UnixDISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4
SLES-12-010670 - If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.UnixDISA SLES 12 STIG v3r5
SLES-12-010680 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.UnixDISA SLES 12 STIG v3r5