Capacity
CCI-002007
Prohibit the use of cached authenticators after an organization-defined time period.
11
Rule
Severity: Medium
Configure SSSD's Memory Cache to Expire
17
Rule
Severity: Medium
Configure SSSD to Expire Offline Credentials
9
Rule
Severity: Medium
Configure SSSD to Expire SSH Known Hosts
2
Rule
Severity: Medium
The ALG must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The application server must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The application must terminate existing user sessions upon account deletion.
1
Rule
Severity: Medium
The CA API Gateway must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
XenDesktop License Server must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.
1
Rule
Severity: Medium
The HYCU server must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The DataPower Gateway must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The MQ Appliance WebGUI interface to the messaging server must prohibit the use of cached authenticators after one hour.
1
Rule
Severity: Medium
The MQ Appliance SSH interface to the messaging server must prohibit the use of cached authenticators after 600 seconds.
2
Rule
Severity: Medium
The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The WebSphere Application Server must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The MQ Appliance network device must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The Mainframe Product must prohibit the use of cached authenticators after one hour.
2
Rule
Severity: Medium
The Password Manager must be disabled.
1
Rule
Severity: Medium
The remember password for internet e-mail accounts must be disabled.
1
Rule
Severity: Medium
The "remember password" for internet e-mail accounts must be disabled.
1
Rule
Severity: Medium
The remember password for internet e-mail accounts must be disabled.
2
Rule
Severity: Medium
The network device must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
Nutanix AOS must prohibit the use of cached authenticators.
2
Rule
Severity: Medium
Prisma Cloud Compute local accounts must enforce strong password requirements.
1
Rule
Severity: Medium
Symantec ProxySG must prohibit the use of cached authenticators after 300 seconds at a minimum.
2
Rule
Severity: Medium
The UEM server must prohibit the use of cached authenticators after an organization-defined time period.
1
Rule
Severity: Medium
The NSX-T Manager must prohibit the use of cached authenticators after an organization-defined time period.
3
Rule
Severity: Low
The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
2
Rule
Severity: Medium
The Cisco ISE must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The container platform must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The DBMS must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
The operating system must prohibit the use of cached authenticators after one day.
2
Rule
Severity: Medium
If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day.
2
Rule
Severity: Medium
The Juniper EX switch must be configured to prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
MarkLogic Server must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
MariaDB must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
MongoDB must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
OL 8 must prohibit the use of cached authentications after one day.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
Automation Controller must be configured to use an enterprise user management system.
2
Rule
Severity: Medium
Redis Enterprise DBMS must prohibit the use of cached authenticators after an organization-defined time period.
2
Rule
Severity: Medium
OpenShift must set server token max age no greater than eight hours.
2
Rule
Severity: Medium
RHEL 8 must prohibit the use of cached authentications after one day.
4
Rule
Severity: Medium
If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.
4
Rule
Severity: Medium
The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.
2
Rule
Severity: Medium
RHEL 9 must prohibit the use of cached authenticators after one day.
2
Rule
Severity: Medium
The VMM must prohibit the use of cached authenticators after one day.
1
Rule
Severity: Low
Ubuntu 22.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must prohibit the use of cached authenticators after eight hours or less.
1
Rule
Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set.
1
Rule
Severity: Medium
If Network Security Services (NSS) is being used by SLEM 5 it must prohibit the use of cached authentications after one day.
1
Rule
Severity: Medium
SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.
1
Rule
Severity: Medium
TOSS must prohibit the use of cached authentications after one day.
1
Rule
Severity: High
The NSX Manager must terminate all network connections associated with a session after five minutes of inactivity.
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must implement the management setting: treat AirDrop as an unmanaged destination.
1
Rule
Severity: Low
Apple iOS/iPadOS 18 must implement the management setting: not have any Family Members in Family Sharing.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules