| STIG ID | Version | Title | Product |
|---|---|---|---|
| SRG-APP-000400-API-000845 | V1R1 | The API must have a mechanism for cache invalidation when using cache policy data. | |
| SRG-APP-000400-API-000850 | V1R1 | When stateless authentication tokens are used, the API must configure them with appropriate security settings. | |
| SRG-APP-000400-API-000855 | V1R1 | The API's internal authorization tokens must not be provided back to the user. | |
| SRG-APP-000400-API-000860 | V1R1 | API access tokens must be configured to expire. | |
| SRG-APP-000400-API-000865 | V1R1 | API refresh tokens must be configured to expire. | |
| SRG-APP-000247-API-000870 | V1R1 | The API must enforce per-client rate limits. | |
| SRG-APP-000400-CTR-000960 | V2R3 | The container platform must prohibit the use of cached authenticators after an organization-defined time period. | |
| SRG-APP-000400-MFP-000241 | V3R3 | The Mainframe Product must prohibit the use of cached authenticators after one hour. |