CCI-002007

Prohibit the use of cached authenticators after an organization-defined time period.

12 rules found Severity: Medium

20 rules found Severity: Medium

9 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Low

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

CCI-002007

Configure SSSD's Memory Cache to Expire

Configure SSSD to Expire Offline Credentials

Configure SSSD to Expire SSH Known Hosts

The CA API Gateway must prohibit the use of cached authenticators after an organization-defined time period.

Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period.

XenDesktop License Server must prohibit the use of cached authenticators after an organization-defined time period.

The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.

The HYCU server must prohibit the use of cached authenticators after an organization-defined time period.

The DataPower Gateway must prohibit the use of cached authenticators after an organization-defined time period.

The IBM Aspera High-Speed Transfer Endpoint must prohibit the use of cached authenticators after an organization-defined time period.

The IBM Aspera High-Speed Transfer Server must prohibit the use of cached authenticators after an organization-defined time period.

The MQ Appliance WebGUI interface to the messaging server must prohibit the use of cached authenticators after one hour.

The MQ Appliance SSH interface to the messaging server must prohibit the use of cached authenticators after 600 seconds.

The WebSphere Application Server must prohibit the use of cached authenticators after an organization-defined time period.

The MQ Appliance network device must prohibit the use of cached authenticators after an organization-defined time period.

The remember password for internet e-mail accounts must be disabled.

The "remember password" for internet e-mail accounts must be disabled.

The remember password for internet e-mail accounts must be disabled.

Nutanix AOS must prohibit the use of cached authenticators.

Symantec ProxySG must prohibit the use of cached authenticators after 300 seconds at a minimum.

The NSX-T Manager must prohibit the use of cached authenticators after an organization-defined time period.

The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.

MongoDB must prohibit the use of cached authenticators after an organization-defined time period.

The Cisco ISE must prohibit the use of cached authenticators after an organization-defined time period.

The F5 BIG-IP appliance must prohibit the use of cached authenticators after eight hours or less.

If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day.

The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period.

The Juniper EX switch must be configured to prohibit the use of cached authenticators after an organization-defined time period.

The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set.

MarkLogic Server must prohibit the use of cached authenticators after an organization-defined time period.

The Password Manager must be disabled.

The network device must prohibit the use of cached authenticators after an organization-defined time period.

The MySQL Database Server 8.0 must prohibit the use of cached authenticators after an organization-defined time period.

Redis Enterprise DBMS must prohibit the use of cached authenticators after an organization-defined time period.

Automation Controller must be configured to use an enterprise user management system.

If Network Security Services (NSS) is being used by SLEM 5 it must prohibit the use of cached authentications after one day.

SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.

TOSS must prohibit the use of cached authentications after one day.

NixOS must prohibit the use of cached authenticators after one day.

Apple iOS/iPadOS 18 must implement the management setting: treat AirDrop as an unmanaged destination.

Apple iOS/iPadOS 18 must implement the management setting: not have any Family Members in Family Sharing.

The application server must prohibit the use of cached authenticators after an organization-defined time period.

The ALG must prohibit the use of cached authenticators after an organization-defined time period.

The application must terminate existing user sessions upon account deletion.

Ubuntu 22.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.

AlmaLinux OS 9 must prohibit the use of cached authenticators after one day.

The container platform must prohibit the use of cached authenticators after an organization-defined time period.

The DBMS must prohibit the use of cached authenticators after an organization-defined time period.

The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.

AOS must prohibit the use of cached authenticators after an organization-defined time period.

The operating system must prohibit the use of cached authenticators after one day.

MariaDB must prohibit the use of cached authenticators after an organization-defined time period.

The Mainframe Product must prohibit the use of cached authenticators after one hour.

Prisma Cloud Compute local accounts must enforce strong password requirements.

OL 8 must prohibit the use of cached authentications after one day.

OpenShift must set server token max age no greater than eight hours.

RHEL 8 must prohibit the use of cached authentications after one day.

RHEL 9 must prohibit the use of cached authenticators after one day.

If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.

The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.

The UEM server must prohibit the use of cached authenticators after an organization-defined time period.

The NSX Manager must terminate all network connections associated with a session after five minutes of inactivity.

The VMM must prohibit the use of cached authenticators after one day.