V-274680

CAT II (Medium)

API access tokens must be configured to expire.

Rule ID

SV-274680r1143713_rule

STIG

Application Programming Interface (API) Security Requirements Guide

Version

V1R1

CCIs

CCI-002007

Discussion

API access tokens are short-lived credentials used to authenticate and authorize API requests. They are included in request headers to grant access to protected resources without requiring user credentials each time. To enhance security, they must have expiration times and require renewal through refresh tokens. If cached authentication information is out of date, the validity of the authentication information may be questionable.

Check Content

Verify API access tokens are configured to expire according to organization-defined parameters.

If API access tokens are not configured to expire according to organization-defined parameters, this is a finding.

Fix Text

Build or configure API access tokens to expire according to organization-defined parameters.
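
One way to carry out the check above on a sample of issued tokens, as an added example that is not part of the STIG text. It assumes the access tokens are JWTs (RFC 7519) carrying `exp` and `iat` claims; the 900-second limit and all function names are placeholders for the organization-defined values.

```python
import base64
import json

MAX_LIFETIME_SECONDS = 900  # assumed organization-defined parameter (placeholder)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _is_num(value) -> bool:
    # NumericDate claims must be numbers; bool is an int subclass, so exclude it.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def audit_token_expiry(token: str, max_lifetime: int = MAX_LIFETIME_SECONDS) -> list:
    """Return findings (empty list = pass). Audit only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT; expiry cannot be inspected"]
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not valid base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    exp, iat = claims.get("exp"), claims.get("iat")
    if not _is_num(exp):
        return ["no usable 'exp' claim: token is not configured to expire"]
    if not _is_num(iat):
        return ["no usable 'iat' claim: configured lifetime cannot be measured"]
    if exp <= iat:
        return ["'exp' is not later than 'iat'"]
    if exp - iat > max_lifetime:
        return [f"lifetime {exp - iat}s exceeds the {max_lifetime}s limit"]
    return []


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    for claims in ({"iat": 1700000000, "exp": 1700000600}, {"iat": 1700000000}):
        print(claims, audit_token_expiry(make_sample_token(claims)) or "pass")
```

Opaque (non-JWT) tokens cannot be inspected this way; for those, the lifetime has to be read from the authorization server's configuration or its token introspection response.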