Navigate

Check: SRG-OS-000374-GPOS-00159

General Purpose Operating System SRG: SRG-OS-000374-GPOS-00159 (in versions v2 r7 through v1 r4)

Title

The operating system must require devices to re-authenticate when changing authenticators. (Cat II impact)

Discussion

Without re-authentication, devices may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change device authenticators, it is critical the device re-authenticate.

Check Content

Verify the operating system requires devices to re-authenticate when changing authenticators. If it does not, this is a finding.

Fix Text

Configure the operating system to require devices to re-authenticate when changing authenticators.

Additional Identifiers

Rule ID: SV-203726r851797_rule

Vulnerability ID: V-203726

Group Title: SRG-OS-000374

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-002039	The organization requires devices to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-11	Re-Authentication