Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The HYCU server must prohibit the use of cached authenticators after an organization-defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246855 | HYCU-IA-000007 | SV-246855r768229_rule | Medium |
| Description |
|---|
| Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators. |
| STIG | Date |
|---|---|
| HYCU for Nutanix Security Technical Implementation Guide | 2021-08-03 |
Details
| Check Text ( C-50287r768227_chk ) |
|---|
| Log on to the HYCU VM console and run the following command: grep Defaults /etc/sudoers Verify the "Defaults" value is set to "env_reset,timestamp_timeout=0". If the "Defaults" value is not set to "env_reset,timestamp_timeout=0", this is a finding. |
| Fix Text (F-50241r768228_fix) |
|---|
| Log on to the HYCU VM console and run the following command: grep Defaults /etc/sudoers Verify the "Defaults" value is set to "env_reset,timestamp_timeout=0". If it is not set, run sudo vi /etc/sudoers and configure the timeout value to "0" by adding/editing the following line into the file and saving it: Defaults env_reset,timestamp_timeout=0 |