Free DISA STIG and SRG Library | Vaulted

V-56831

The operating system must require users to re-authenticate when changing roles.

Finding ID
SRG-OS-000373-GPOS-00157
Rule ID
SV-71091r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000373-GPOS-00157
CCI
CCI-002038
Target Key
(None)
Documentable
No
Discussion

Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change security roles, it is critical the user re-authenticate.

Fix Text

Configure the operating system to require users to re-authenticate when changing roles.

Check Content

Verify the operating system requires users to re-authenticate when changing roles. If it does not, this is a finding.