3.013 - Caching of logon credentials must be limited.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The default Windows configuration caches the last logon credentials for users who log on interactively to a system. This feature is provided for system availability reasons, such as the user's machine being disconnected from the network or domain controllers being unavailable. Even though the credential cache is well-protected, if a system is attacked, an unauthorized individual may isolate the password to a domain user account using a password-cracking program and gain access to the domain.

Solution

If the system is not a member of a domain, this is NA.
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Interactive Logon: Number of previous logons to cache (in case Domain Controller is not available)' to '2' logons or less.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_DC_V6R47_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|III, CCI|CCI-000366, CSCv6|16, Rule-ID|SV-28979r3_rule, STIG-ID|3.013, Vuln-ID|V-1090

Plugin: Windows

Control ID: 3371ed2795db1e76347e4b4fcc56d4f9f8ae3b602c669e43bdcb4fc2fddc408e