Navigate

Check: SRG-OS-000373-GPOS-00158

General Purpose Operating System SRG: SRG-OS-000373-GPOS-00158 (in versions v2 r7 through v1 r4)

Title

The operating system must require users to re-authenticate when changing authenticators. (Cat II impact)

Discussion

Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change user authenticators, it is critical the user re-authenticate.

Check Content

Verify the operating system requires users to re-authenticate when changing authenticators. If it does not, this is a finding.

Fix Text

Configure the operating system to require users to re-authenticate when changing authenticators.

Additional Identifiers

Rule ID: SV-203725r851796_rule

Vulnerability ID: V-203725

Group Title: SRG-OS-000373

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-002038	The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-11	Re-Authentication