800-53|IA-5(13)

Title

EXPIRATION OF CACHED AUTHENTICATORS

Description

The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.6.5 Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.24 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.24 IBMW-LS-000970UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT II
1.59 SLES-15-010490UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.60 SLES-15-010500UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.69 AZLX-23-001305UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.69 MADB-10-008300MySQLDBCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT II MySQLDB
1.91 UBTU-24-400340UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.110 UBTU-22-631015UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.174 OL09-00-000935UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.193 OL08-00-020290UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.302 ALMA-09-038630UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.350 RHEL-09-631020UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.400 RHEL-10-701290UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1
2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2016 v4.0.0 L2 MS
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Windows Server 2012 MS L2 v3.0.0
2.3.7.6 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Windows Server 2012 R2 MS L2 v3.0.0
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L2
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2025 v2.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2022 v5.0.0 L2 MS
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)WindowsCIS Microsoft Windows Server 2019 v5.0.0 L2 MS
2.3.7.7 (L1) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L2
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG
2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.10.56.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG
18.10.57.2.3 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL
18.10.57.2.3 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL
18.10.57.2.3 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L1
18.10.57.2.3 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v5.0.0 L1