Navigate

Check: SRG-OS-000373-GPOS-00157

General Purpose Operating System SRG: SRG-OS-000373-GPOS-00157 (in versions v2 r7 through v1 r4)

Title

The operating system must require users to re-authenticate when changing roles. (Cat II impact)

Discussion

Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change security roles, it is critical the user re-authenticate.

Check Content

Verify the operating system requires users to re-authenticate when changing roles. If it does not, this is a finding.

Fix Text

Configure the operating system to require users to re-authenticate when changing roles.

Additional Identifiers

Rule ID: SV-203724r851795_rule

Vulnerability ID: V-203724

Group Title: SRG-OS-000373

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-002038	The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-11	Re-Authentication