STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-11 — Re-Authentication

CCI-002038

Definition

The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Parent Control

IA-11Re-AuthenticationIdentification and Authentication

Linked STIG Checks (170)

V-274014CAT IIAmazon Linux 2023 must require reauthentication when using the "sudo" command.Amazon Linux 2023 Security Technical Implementation Guide V-274015CAT IIAmazon Linux 2023 must require users to reauthenticate for privilege escalation.Amazon Linux 2023 Security Technical Implementation Guide V-222979CAT IIIdle timeout for the management application must be set to 10 minutes.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-257239CAT IIThe macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-274880CAT IIThe macOS system must configure sudoers timestamp type.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-274881CAT IIThe macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277160CAT IIThe macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277164CAT IIThe macOS system must configure sudoers timestamp type.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204997CAT IIThe ALG providing user authentication intermediary services must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Application Layer Gateway Security Requirements Guide V-274672CAT IIThe API must require periodic reauthentication.Application Programming Interface (API) Security Requirements Guide V-222520CAT IIThe application must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Application Security and Development Security Technical Implementation Guide V-222521CAT IIThe application must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.Application Security and Development Security Technical Implementation Guide V-204798CAT IIThe application server must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Application Server Security Requirements Guide V-237337CAT IThe ArcGIS Server Windows authentication must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.ArcGIS for Server 10.3 Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-237392CAT IIThe CA API Gateway providing user authentication intermediary services must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.CA API Gateway ALG Security Technical Implementation Guide V-219185CAT IIThe Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238208CAT IIThe Ubuntu operating system must require users to reauthenticate for privilege escalation or when changing roles.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-274858CAT IIUbuntu 20.04 LTS must restrict privilege elevation to authorized personnel.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-274859CAT IIUbuntu 20.04 LTS must require users to provide a password for privilege escalation.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260558CAT IIUbuntu 22.04 LTS must require users to reauthenticate for privilege escalation or when changing roles.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-274860CAT IIUbuntu 22.04 LTS must require users to provide a password for privilege escalation.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-274861CAT IIThe operating system must restrict privilege elevation to authorized personnel.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-274869CAT IIUbuntu 24.04 LTS must restrict privilege elevation to authorized personnel.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221926CAT IIIThe Central Log Server must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Central Log Server Security Requirements Guide V-239963CAT IIThe Cisco ASA VPN gateway must be configured to renegotiate the IPsec Security Association after eight hours or less.Cisco ASA VPN Security Technical Implementation Guide V-239964CAT IIThe Cisco ASA VPN gateway must be configured to renegotiate the IKE security association after 24 hours or less.Cisco ASA VPN Security Technical Implementation Guide V-233193CAT IIThe container platform must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Container Platform Security Requirements Guide V-261927CAT IIPostgreSQL must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206600CAT IIThe DBMS must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Database Security Requirements Guide V-235825CAT IIThe Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-270904CAT IIDragos must configure idle timeouts at 10 minutes.Dragos Platform 2.x Security Technical Implementation Guide V-224204CAT IIThe EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213629CAT IIThe EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-260025CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must be configured to require Voice Video Endpoints to re-register at least every three hours.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-260026CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must be configured to require Voice Video peers to re-register (reauthenticate) at least every hour.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-215727CAT IIThe BIG-IP APM module must require users to reauthenticate when the user's role or information authorizations are changed.F5 BIG-IP Access Policy Manager Security Technical Implementation Guide V-259330CAT IIThe F5 BIG-IP appliance must be configured to set a "Maximum Session Timeout" value of 8 hours or less.F5 BIG-IP Access Policy Manager Security Technical Implementation Guide V-215779CAT IIThe BIG-IP Core implementation must require users to reauthenticate when the user's role, the information authorizations, and/or the maximum session timeout is exceeded for the virtual server(s).F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-266283CAT IIThe F5 BIG-IP appliance IPsec VPN Gateway must renegotiate the IPsec Phase 1 security association after eight hours or less.F5 BIG-IP TMOS VPN Security Technical Implementation Guide V-266284CAT IIThe F5 BIG-IP appliance IPsec VPN must renegotiate the IKE Phase 2 security association after eight hours or less.F5 BIG-IP TMOS VPN Security Technical Implementation Guide V-278399CAT IINGINX must be configured to require SSL sessions to reauthenticate no longer than 15 minutes.F5 NGINX Security Technical Implementation Guide V-237580CAT IICounterACT, when providing user authentication intermediary services, must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.ForeScout CounterACT ALG Security Technical Implementation Guide V-203723CAT IIThe operating system must require users to reauthenticate for privilege escalation.General Purpose Operating System Security Requirements Guide V-203724CAT IIThe operating system must require users to reauthenticate when changing roles.General Purpose Operating System Security Requirements Guide V-203725CAT IIThe operating system must require users to reauthenticate when changing authenticators.General Purpose Operating System Security Requirements Guide V-266997CAT IIAOS, when used as a VPN Gateway, must renegotiate the security association after 24 hours or less or as defined by the organization.HPE Aruba Networking AOS VPN Security Technical Implementation Guide V-215260CAT IAIX must remove NOPASSWD tag from sudo config files.IBM AIX 7.x Security Technical Implementation Guide V-215261CAT IIAIX must remove !authenticate option from sudo config files.IBM AIX 7.x Security Technical Implementation Guide V-215292CAT IIIf GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication.IBM AIX 7.x Security Technical Implementation Guide V-65163CAT IIThe DataPower Gateway must require users to re-authenticate when privilege escalation or role changes occur.IBM DataPower Network Device Management Security Technical Implementation Guide V-250340CAT IIHTTP session timeout must be configured.IBM WebSphere Liberty Server Security Technical Implementation Guide V-253735CAT IIMariaDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220821CAT IIUsers must be prompted for a password on resume from sleep (on battery).Microsoft Windows 10 Security Technical Implementation Guide V-220822CAT IIThe user must be prompted for a password on resume from sleep (plugged in).Microsoft Windows 10 Security Technical Implementation Guide V-220848CAT IIPasswords must not be saved in the Remote Desktop Client.Microsoft Windows 10 Security Technical Implementation Guide V-220850CAT IIRemote Desktop Services must always prompt a client for passwords upon connection.Microsoft Windows 10 Security Technical Implementation Guide V-220867CAT IIThe Windows Remote Management (WinRM) service must not store RunAs credentials.Microsoft Windows 10 Security Technical Implementation Guide V-220944CAT IIUser Account Control approval mode for the built-in Administrator must be enabled.Microsoft Windows 10 Security Technical Implementation Guide V-220947CAT IIUser Account Control must automatically deny elevation requests for standard users.Microsoft Windows 10 Security Technical Implementation Guide V-220950CAT IIUser Account Control must run all administrators in Admin Approval Mode, enabling UAC.Microsoft Windows 10 Security Technical Implementation Guide V-253380CAT IIUsers must be prompted for a password on resume from sleep (on battery).Microsoft Windows 11 Security Technical Implementation Guide V-253381CAT IIThe user must be prompted for a password on resume from sleep (plugged in).Microsoft Windows 11 Security Technical Implementation Guide V-253402CAT IIPasswords must not be saved in the Remote Desktop Client.Microsoft Windows 11 Security Technical Implementation Guide V-253404CAT IIRemote Desktop Services must always prompt a client for passwords upon connection.Microsoft Windows 11 Security Technical Implementation Guide V-253420CAT IIThe Windows Remote Management (WinRM) service must not store RunAs credentials.Microsoft Windows 11 Security Technical Implementation Guide V-253468CAT IIUser Account Control approval mode for the built-in Administrator must be enabled.Microsoft Windows 11 Security Technical Implementation Guide V-253471CAT IIUser Account Control must automatically deny elevation requests for standard users.Microsoft Windows 11 Security Technical Implementation Guide V-253474CAT IIUser Account Control must run all administrators in Admin Approval Mode, enabling UAC.Microsoft Windows 11 Security Technical Implementation Guide V-224944CAT IIPasswords must not be saved in the Remote Desktop Client.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224946CAT IIRemote Desktop Services must always prompt a client for passwords upon connection.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224963CAT IIThe Windows Remote Management (WinRM) service must not store RunAs credentials.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225061CAT IIUser Account Control approval mode for the built-in Administrator must be enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225064CAT IIUser Account Control must automatically deny standard user requests for elevation.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225067CAT IIUser Account Control must run all administrators in Admin Approval Mode, enabling UAC.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205808CAT IIWindows Server 2019 must not save passwords in the Remote Desktop Client.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205809CAT IIWindows Server 2019 Remote Desktop Services must always prompt a client for passwords upon connection.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205810CAT IIWindows Server 2019 Windows Remote Management (WinRM) service must not store RunAs credentials.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205811CAT IIWindows Server 2019 User Account Control approval mode for the built-in Administrator must be enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205812CAT IIWindows Server 2019 User Account Control must automatically deny standard user requests for elevation.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205813CAT IIWindows Server 2019 User Account Control must run all administrators in Admin Approval Mode, enabling UAC.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254365CAT IIWindows Server 2022 must not save passwords in the Remote Desktop Client.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254367CAT IIWindows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connection.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254383CAT IIWindows Server 2022 Windows Remote Management (WinRM) service must not store RunAs credentials.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254482CAT IIWindows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must be enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254485CAT IIWindows Server 2022 User Account Control (UAC) must automatically deny standard user requests for elevation.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254488CAT IIWindows Server 2022 User Account Control (UAC) must run all administrators in Admin Approval Mode, enabling UAC.Microsoft Windows Server 2022 Security Technical Implementation Guide V-221193CAT IIMongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252176CAT IIMongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-279383CAT IIMongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-254097CAT IINutanix AOS must automatically terminate a user session after 15 minutes of inactivity.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-254204CAT IINutanix AOS must require users to reauthenticate for privilege escalation.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279598CAT IINutanix OS must require users to reauthenticate for privilege escalation.Nutanix Acropolis GPOS Security Technical Implementation Guide V-279599CAT IINutanix OS must require users to reauthenticate for privilege escalation.Nutanix Acropolis GPOS Security Technical Implementation Guide V-273203CAT IIOkta must be configured to limit the global session lifetime to 18 hours.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-221692CAT IIThe Oracle Linux operating system must be configured so that users must provide a password for privilege escalation.Oracle Linux 7 Security Technical Implementation Guide V-228569CAT IIThe Oracle Linux operating system must be configured so users must re-authenticate for privilege escalation.Oracle Linux 7 Security Technical Implementation Guide V-237629CAT IIThe Oracle Linux operating system must require re-authentication when using the "sudo" command.Oracle Linux 7 Security Technical Implementation Guide V-251700CAT IIThe Oracle Linux operating system must not be configured to bypass password requirements for privilege escalation.Oracle Linux 7 Security Technical Implementation Guide V-248581CAT IIOL 8 must require users to provide a password for privilege escalation.Oracle Linux 8 Security Technical Implementation Guide V-248582CAT IIOL 8 must require users to reauthenticate for privilege escalation and changing roles.Oracle Linux 8 Security Technical Implementation Guide V-248585CAT IIOL 8 must require reauthentication when using the "sudo" command.Oracle Linux 8 Security Technical Implementation Guide V-252656CAT IIThe OL 8 operating system must not be configured to bypass password requirements for privilege escalation.Oracle Linux 8 Security Technical Implementation Guide V-235178CAT IIThe MySQL Database Server 8.0 must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Oracle MySQL 8.0 Security Technical Implementation Guide V-253538CAT IIPrisma Cloud Compute local accounts must enforce strong password requirements.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-214135CAT IIPostgreSQL must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.PostgreSQL 9.x Security Technical Implementation Guide V-281205CAT IIRHEL 10 must restrict the use of the "su" command.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281206CAT IIRHEL 10 must be configured to not bypass password requirements for privilege escalation.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281208CAT IIRHEL 10 must require users to reauthenticate for privilege escalation.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281209CAT IIRHEL 10 must require reauthentication when using the "sudo" command.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281210CAT IIRHEL 10 must use the invoking user's password for privilege escalation when using "sudo".Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281211CAT IRHEL 10 must require users to provide a password for privilege escalation.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204429CAT IIThe Red Hat Enterprise Linux operating system must be configured so that users must provide a password for privilege escalation.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204430CAT IIThe Red Hat Enterprise Linux operating system must be configured so that users must re-authenticate for privilege escalation.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-237635CAT IIThe Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-251704CAT IIThe Red Hat Enterprise Linux operating system must not be configured to bypass password requirements for privilege escalation.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230271CAT IIRHEL 8 must require users to provide a password for privilege escalation.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-230272CAT IIRHEL 8 must require users to reauthenticate for privilege escalation.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-237643CAT IIRHEL 8 must require re-authentication when using the "sudo" command.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-251712CAT IIThe RHEL 8 operating system must not be configured to bypass password requirements for privilege escalation.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-258084CAT IIRHEL 9 must require reauthentication when using the "sudo" command.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258086CAT IIRHEL 9 must require users to reauthenticate for privilege escalation.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258088CAT IIRHEL 9 must restrict the use of the "su" command.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258106CAT IIRHEL 9 must require users to provide a password for privilege escalation.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258118CAT IIRHEL 9 must not be configured to bypass password requirements for privilege escalation.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257544CAT IIOpenShift must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-251221CAT IIRedis Enterprise DBMS must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Redis Enterprise 6.x Security Technical Implementation Guide V-275647CAT IIUbuntu OS must require users to reauthenticate for privilege escalation or when changing roles.Riverbed NetIM OS Security Technical Implementation Guide V-237605CAT IIThe SUSE operating system must require re-authentication when using the "sudo" command.SLES 12 Security Technical Implementation Guide V-251720CAT IIThe SUSE operating system must not be configured to bypass password requirements for privilege escalation.SLES 12 Security Technical Implementation Guide V-261373CAT IISLEM 5 must reauthenticate users when changing authenticators, roles, or escalating privileges.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261374CAT IISLEM 5 must require reauthentication when using the "sudo" command.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217112CAT IThe SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-237605CAT IIThe SUSE operating system must require re-authentication when using the "sudo" command.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-251720CAT IIThe SUSE operating system must not be configured to bypass password requirements for privilege escalation.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-221937CAT IIISplunk Enterprise idle session timeout must be set to not exceed 15 minutes.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251657CAT IISplunk Enterprise idle session timeout must be set to not exceed 15 minutes.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-279216CAT IIThe Edge SWG providing user authentication intermediary services must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.Symantec Edge SWG ALG Security Technical Implementation Guide V-94277CAT IISymantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication.Symantec ProxySG ALG Security Technical Implementation Guide V-252931CAT IITOSS must require reauthentication when using the "sudo" command.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-252958CAT IITOSS must require users to reauthenticate for privilege escalation.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-252959CAT IITOSS must require users to provide a password for privilege escalation.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282590CAT IITOSS 5 must use the invoking user's password for privilege escalation when using sudo.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-256533CAT IIThe Photon operating system must require users to reauthenticate for privilege escalation.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256334CAT IIThe vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-259015CAT IIThe vCenter ESX Agent Manager service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide V-259049CAT IIThe vCenter Lookup service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-259083CAT IIThe vCenter Perfcharts service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-258847CAT IIThe Photon operating system must require users to reauthenticate for privilege escalation.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258983CAT IIThe vCenter STS service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V-259116CAT IIThe vCenter UI service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide V-258920CAT IIThe vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-73567CAT IIPasswords must not be saved in the Remote Desktop Client.Windows Server 2016 Security Technical Implementation Guide V-73567CAT IIPasswords must not be saved in the Remote Desktop Client.Windows Server 2016 Security Technical Implementation Guide V-73571CAT IIRemote Desktop Services must always prompt a client for passwords upon connection.Windows Server 2016 Security Technical Implementation Guide V-73571CAT IIRemote Desktop Services must always prompt a client for passwords upon connection.Windows Server 2016 Security Technical Implementation Guide V-73603CAT IIThe Windows Remote Management (WinRM) service must not store RunAs credentials.Windows Server 2016 Security Technical Implementation Guide V-73603CAT IIThe Windows Remote Management (WinRM) service must not store RunAs credentials.Windows Server 2016 Security Technical Implementation Guide V-73707CAT IIUser Account Control approval mode for the built-in Administrator must be enabled.Windows Server 2016 Security Technical Implementation Guide V-73707CAT IIUser Account Control approval mode for the built-in Administrator must be enabled.Windows Server 2016 Security Technical Implementation Guide V-73713CAT IIUser Account Control must automatically deny standard user requests for elevation.Windows Server 2016 Security Technical Implementation Guide V-73713CAT IIUser Account Control must automatically deny standard user requests for elevation.Windows Server 2016 Security Technical Implementation Guide V-73719CAT IIUser Account Control must run all administrators in Admin Approval Mode, enabling UAC.Windows Server 2016 Security Technical Implementation Guide V-73719CAT IIUser Account Control must run all administrators in Admin Approval Mode, enabling UAC.Windows Server 2016 Security Technical Implementation Guide V-93425CAT IIWindows Server 2019 must not save passwords in the Remote Desktop Client.Windows Server 2019 Security Technical Implementation Guide V-93427CAT IIWindows Server 2019 Remote Desktop Services must always prompt a client for passwords upon connection.Windows Server 2019 Security Technical Implementation Guide V-93429CAT IIWindows Server 2019 Windows Remote Management (WinRM) service must not store RunAs credentials.Windows Server 2019 Security Technical Implementation Guide V-93431CAT IIWindows Server 2019 User Account Control approval mode for the built-in Administrator must be enabled.Windows Server 2019 Security Technical Implementation Guide V-93433CAT IIWindows Server 2019 User Account Control must automatically deny standard user requests for elevation.Windows Server 2019 Security Technical Implementation Guide V-93435CAT IIWindows Server 2019 User Account Control must run all administrators in Admin Approval Mode, enabling UAC.Windows Server 2019 Security Technical Implementation Guide