| V-270233 | | Microsoft Entra ID must be configured to use multifactor authentication (MFA). | Without the use of MFA, the ease of access to privileged functions is greatly increased. MFA requires the use of two or more factors to achieve auth... |
| V-270200 | | Microsoft Entra ID must initiate a session lock after a 15-minute period of inactivity. | Session locks are temporary actions taken to prevent logical access to organizational systems when users stop work and move away from the immediate vi... |
| V-270204 | | Microsoft Entra ID must automatically disable accounts after a 35-day period of account inactivity. | Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive acc... |
| V-270208 | | Microsoft Entra ID must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, ... |
| V-270209 | | Microsoft Entra ID must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the application. | Display of the DOD-approved use notification before granting access to the application ensures privacy and security notification verbiage used is cons... |
| V-270227 | | Microsoft Entra ID must be configured to transfer logs to another server for storage, analysis, and reporting. | Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate... |
| V-270239 | | Microsoft Entra ID must enforce a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals. One method of minimizi... |
| V-270255 | | Microsoft Entra ID must notify system administrators (SAs) and the information system security officer (ISSO) when privileges are being requested. | When application accounts are modified, user accessibility is affected. Accounts are used for identifying individual users or for identifying the appl... |
| V-270335 | | Microsoft Entra ID must use Privileged Identity Management (PIM). | Emergency accounts are administrator accounts established in response to crisis situations where the need for rapid account activation is required. Th... |
| V-270475 | | Microsoft Entra ID must, for password-based authentication, verify when users create or update passwords that the passwords are not found on the list of commonly used, expected, or compromised passwords. | Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords ... |