The DBMS must prohibit the use of cached authenticators after an organization-defined time period.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-206601 |
SRG-APP-000400-DB-000367 |
SV-206601r961521_rule |
|
Medium |
| Description |
| If cached authentication information is out-of-date, the validity of the authentication information may be questionable. |
Details
| Check Text (C-6861r291471_chk) |
Review system settings to determine whether the organization-defined limit for cached authentication is implemented.
If it is not implemented, this is a finding. |
| Fix Text (F-6861r291472_fix) |
| Modify system settings to implement the organization-defined limit on the lifetime of cached authenticators. |