This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system prohibits the use of cached authenticators after [Assignment: organization-defined time period].
NIST 800-53 (r4) Supplemental Guidance:
None.
References:
OMB Memoranda 04-04, 11-11; FIPS Publication 201; NIST Special Publications 800-73, 800-63, 800-76, 800-78; FICAM Roadmap and Implementation Guidance; Web: http://idmanagement.gov.
NIST 800-53 (r5) Discussion:
Cached authenticators are used to authenticate to the local machine when the network is not available. If cached authentication information is out of date, the validity of the authentication information may be questionable.
Related Controls: None.
38North Guidance:
Meets Minimum Requirement:
Prohibit the use of cached authenticators after the organization-defined time period.
Best Practice:
Implement solutions that expire tokens after a defined time period. For example, if the system issues tokens for API calls, give those tokens a fixed lifetime after which they are rejected.
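As an added example (not code from the 38North page, NIST, or FedRAMP), the following Python models both points above: a local cache that refuses a cached authenticator once it is older than the organization-defined period, and an API token that carries its own expiry and is rejected after it. The 24-hour and 1-hour periods, the token format, and all names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

# Organization-defined periods (assumed values for this example).
CACHED_AUTHENTICATOR_MAX_AGE = 24 * 60 * 60   # seconds a cached authenticator may be used offline
API_TOKEN_LIFETIME = 60 * 60                 # seconds an issued API token stays valid


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the cache holds a verifier, never the plaintext authenticator.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CachedAuthenticatorStore:
    """Verifiers for offline logon, each stamped with the time it was cached."""

    def __init__(self):
        self._entries = {}  # username -> (salt, verifier, cached_at)

    def cache(self, username: str, password: str, now: float) -> None:
        # Only called after the authoritative (network) authentication succeeded.
        salt = os.urandom(16)
        self._entries[username] = (salt, _derive(password, salt), now)

    def verify_offline(self, username: str, password: str, now: float) -> bool:
        entry = self._entries.get(username)
        if entry is None:
            return False
        salt, verifier, cached_at = entry
        if now - cached_at > CACHED_AUTHENTICATOR_MAX_AGE:
            # Past the organization-defined period: the cached authenticator is unusable.
            del self._entries[username]
            return False
        return hmac.compare_digest(_derive(password, salt), verifier)


def issue_token(secret: bytes, subject: str, now: float) -> str:
    """Issue a signed token that embeds its expiry (constructed format, not JWT)."""
    exp = int(now + API_TOKEN_LIFETIME)
    payload = f"{subject}:{exp}"
    sig = hmac.new(secret, payload.encode(), "sha256").hexdigest()
    return f"{payload}:{sig}"


def token_is_valid(secret: bytes, token: str, now: float) -> bool:
    """Reject malformed or tampered tokens and tokens whose expiry has passed."""
    try:
        subject, exp, sig = token.rsplit(":", 2)
        expected = hmac.new(secret, f"{subject}:{exp}".encode(), "sha256").hexdigest()
        return hmac.compare_digest(sig, expected) and now < int(exp)
    except (ValueError, TypeError):
        return False
```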
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshots of personnel logging into the FedRAMP environment using their MFA tokens.
Observe personnel logging into system components to confirm that cached credentials are not being used.
Screenshots of configurations of components showing that cached credentials aren’t configured to be permitted.
CSP Implementation Tips: TBD