CCI|CCI-002038

Title

The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.070 - The system is configured to permit storage of credentials or .NET Passports.WindowsDISA Windows Vista STIG v6r41
3.129 - User Account Control - Built In Admin Approval ModeWindowsDISA Windows Vista STIG v6r41
3.131 - User Account Control - Behavior of elevation prompt for standard users.WindowsDISA Windows Vista STIG v6r41
3.137 - User Account Control - Run all admins in Admin Approval ModeWindowsDISA Windows Vista STIG v6r41
5.2.4 Ensure users must provide password for escalationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.5 Ensure users must re-authenticate for privilege escalationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.2.7 Ensure sudo authentication timeout is configured - sudo command.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.042 - Terminal Services is not configured to always prompt a client for passwords upon connection.WindowsDISA Windows Vista STIG v6r41
5.116 - Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop ClientWindowsDISA Windows Vista STIG v6r41
5.224 - Power Mgmt - Password Wake on BatteryWindowsDISA Windows Vista STIG v6r41
5.225 - Power Mgmt - Password Wake When Plugged InWindowsDISA Windows Vista STIG v6r41
AIX7-00-002061 - AIX must remove NOPASSWD tag from sudo config files.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002062 - AIX must remove !authenticate option from sudo config files.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002108 - If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication.UnixDISA STIG AIX 7.x v3r1
APPL-13-004022 - The macOS system must require users to reauthenticate for privilege escalation when using the 'sudo' command - sudo command.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-004022 - The macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-004060 - The macOS system must configure sudoers timestamp type.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
Big Sur - Require users to reauthenticate for privilege escalationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
CASA-VN-000350 - The Cisco ASA VPN gateway must be configured to renegotiate the IPsec Security Association after eight hours or less.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000360 - The Cisco ASA VPN gateway must be configured to renegotiate the IKE security association after 24 hours or less.CiscoDISA STIG Cisco ASA VPN v2r2
Catalina - Require users to reauthenticate for privilege escalationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutesUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutesUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
EP11-00-008800 - The EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
F5BI-AP-000191 - The BIG-IP APM module must require users to reauthenticate when the user's role or information authorizations are changed.F5DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-AP-000230 - The F5 BIG-IP appliance must be configured to set a 'Maximum Session Timeout' value of 8 hours or less.F5DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000191 - The BIG-IP Core implementation must require users to reauthenticate when the user's role, the information authorizations, and/or the maximum session timeout is exceeded for the virtual server(s).F5DISA F5 BIG-IP Local Traffic Manager STIG v2r3
GEN001025 - The sudo command must require authentication - /etc/sudoers - !authenticateUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/* - !authenticateUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/* - NOPASSWDUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001025 - The sudo command must require authentication - /etc/sudoers !authenticateUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers NOPASSWDUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/ !authenticateUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication - /etc/sudoers.d/ NOPASSWDUnixDISA STIG for Oracle Linux 5 v2r1
GEN001025 - The sudo command must require authentication -/etc/sudoers - NOPASSWDUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
MADB-10-008200 - MariaDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.MySQLDBDISA MariaDB Enterprise 10.x v2r2 DB
MD3X-00-000700 - MongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-005600 - MongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
Monterey - Require users to reauthenticate for privilege escalationUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Require users to reauthenticate when changing authenticatorsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
MYS8-00-010400 - The MySQL Database Server 8.0 must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
OL07-00-010340 - The Oracle Linux operating system must be configured so that users must provide a password for privilege escalation.UnixDISA Oracle Linux 7 STIG v3r1