800-53|IA-5(13)

Title

EXPIRATION OF CACHED AUTHENTICATORS

Description

The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.6.5 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.24 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1
2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Windows 7 Workstation Level 2 v3.2.0
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Windows Server 2012 R2 MS L2 v3.0.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Windows Server 2012 MS L2 v3.0.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
2.3.7.7 (L1) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL

Detections

Analytics

800-53|IA-5(13)

Title

Description

Reference Item Details

Audit Items