800-53|IA-5(13)

Title

EXPIRATION OF CACHED AUTHENTICATORS

Description

The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.6.5 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.24 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.3 Ensure 'Maximum lifetime for user ticket' is set to '10 or fewer hours, but not 0' (STIG DC only)WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1
2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2019 v3.0.1 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Windows Server 2012 R2 MS L2 v3.0.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2016 v3.0.0 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Windows Server 2012 MS L2 v3.0.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
2.3.7.7 (L1) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L2
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L2
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.56.2.3 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL