
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

Microsoft Entra ID Security Technical Implementation Guide

  • Version: V1R1
  • Release Date: Mar 17, 2025
  • SCAP Benchmark ID: MS_Entra_ID_STIG
  • Total Checks: 10
  • Tags: other
  • Severity breakdown: CAT I: 1, CAT II: 9, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (10)

  • V-270200 (MEDIUM): Microsoft Entra ID must initiate a session lock after a 15-minute period of inactivity.
  • V-270204 (MEDIUM): Microsoft Entra ID must automatically disable accounts after a 35-day period of account inactivity.
  • V-270208 (MEDIUM): Microsoft Entra ID must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
  • V-270209 (MEDIUM): Microsoft Entra ID must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the application.
  • V-270227 (MEDIUM): Microsoft Entra ID must be configured to transfer logs to another server for storage, analysis, and reporting.
  • V-270233 (HIGH): Microsoft Entra ID must be configured to use multifactor authentication (MFA).
  • V-270239 (MEDIUM): Microsoft Entra ID must enforce a 60-day maximum password lifetime restriction.
  • V-270255 (MEDIUM): Microsoft Entra ID must notify system administrators (SAs) and the information system security officer (ISSO) when privileges are being requested.
  • V-270335 (MEDIUM): Microsoft Entra ID must use Privileged Identity Management (PIM).
  • V-270475 (MEDIUM): Microsoft Entra ID must, for password-based authentication, verify when users create or update passwords that the passwords are not found on the list of commonly used, expected, or compromised passwords.