The operating system must require devices to re-authenticate when changing authenticators.

STIG ID: SRG-OS-000374-GPOS-00159  |  SRG: SRG-OS-000374 |  Severity: medium |  CCI: CCI-002039 |  Vulnerability Id: V-203726 | 

Vulnerability Discussion

Without re-authentication, devices may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to change device authenticators, it is critical the device re-authenticate.

Check

Verify the operating system requires devices to re-authenticate when changing authenticators. If it does not, this is a finding.

Fix

Configure the operating system to require devices to re-authenticate when changing authenticators.