CCI|CCI-002038

Title

The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.070 - The system is configured to permit storage of credentials or .NET Passports.WindowsDISA Windows Vista STIG v6r41
3.129 - User Account Control - Built In Admin Approval ModeWindowsDISA Windows Vista STIG v6r41
3.131 - User Account Control - Behavior of elevation prompt for standard users.WindowsDISA Windows Vista STIG v6r41
3.137 - User Account Control - Run all admins in Admin Approval ModeWindowsDISA Windows Vista STIG v6r41
5.2.4 Ensure users must provide password for escalationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.5 Ensure users must re-authenticate for privilege escalationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.7 Ensure sudo authentication timeout is configured - sudo command.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.042 - Terminal Services is not configured to always prompt a client for passwords upon connection.WindowsDISA Windows Vista STIG v6r41
5.116 - Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop ClientWindowsDISA Windows Vista STIG v6r41
5.224 - Power Mgmt - Password Wake on BatteryWindowsDISA Windows Vista STIG v6r41
5.225 - Power Mgmt - Password Wake When Plugged InWindowsDISA Windows Vista STIG v6r41
AIX7-00-002061 - AIX must remove NOPASSWD tag from sudo config files.UnixDISA STIG AIX 7.x v2r6
AIX7-00-002062 - AIX must remove !authenticate option from sudo config files.UnixDISA STIG AIX 7.x v2r6
AIX7-00-002108 - If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication.UnixDISA STIG AIX 7.x v2r6
Big Sur - Require users to reauthenticate for privilege escalationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
CASA-VN-000350 - The Cisco ASA VPN gateway must be configured to renegotiate the IPsec Security Association after eight hours or less.CiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000360 - The Cisco ASA VPN gateway must be configured to renegotiate the IKE security association after 24 hours or less.CiscoDISA STIG Cisco ASA VPN v1r1
Catalina - Require users to reauthenticate for privilege escalationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutesUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutesUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
F5BI-AP-000191 - The BIG-IP APM module must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.F5DISA F5 BIG-IP Access Policy Manager 11.x STIG v2r1
F5BI-LT-000191 - The BIG-IP Core implementation must be configured to require users to re-authenticate to virtual servers when organization-defined circumstances or situations require re-authentication.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers - !authenticateUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/* - !authenticateUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/* - NOPASSWDUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001025 - The sudo command must require authentication - /etc/sudoers !authenticateUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers NOPASSWDUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/ !authenticateUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/ NOPASSWDUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication -/etc/sudoers - NOPASSWDUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
MD3X-00-000700 - MongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-005600 - MongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS
Monterey - Require users to reauthenticate for privilege escalationUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
OL07-00-010340 - The Oracle Linux operating system must be configured so that users must provide a password for privilege escalation.UnixDISA Oracle Linux 7 STIG v2r9
OL07-00-010343 - The Oracle Linux operating system must require re-authentication when using the 'sudo' command - sudo command.UnixDISA Oracle Linux 7 STIG v2r9
OL07-00-010344 - The Oracle Linux operating system must not be configured to bypass password requirements for privilege escalation.UnixDISA Oracle Linux 7 STIG v2r9
OL07-00-010350 - The Oracle Linux operating system must be configured so users must re-authenticate for privilege escalation - sudoersUnixDISA Oracle Linux 7 STIG v2r9
OL07-00-010350 - The Oracle Linux operating system must be configured so users must re-authenticate for privilege escalation - sudoers.dUnixDISA Oracle Linux 7 STIG v2r9
OL08-00-010380 - OL 8 must require users to provide a password for privilege escalation.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-010381 - OL 8 must require users to reauthenticate for privilege escalation and changing roles.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-010384 - OL 8 must require re-authentication when using the 'sudo' command - sudo command.UnixDISA Oracle Linux 8 STIG v1r2