V-274849
Application Programming Interface (API) Security Requirements Guide
Title
The API must refresh access tokens in accordance with organization-defined identification and authentication policy.
Description
<VulnDiscussion>An API must refresh access tokens to maintain secure, uninterrupted access while minimizing the risk of token misuse or expiration. Access tokens typically have a limited lifespan and refreshing them allows users to maintain active sessions without needing to re-authenticate. If the API is not relying on an API Gateway for token management, it becomes responsible for issuing and refreshing tokens directly, ensuring that users can continue to interact with the API seamlessly, wh...
Fix Text (Documentation Requirement)
Build or configure the API to refresh access tokens in accordance with organization-defined identification and authentication policy.
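As an added illustration (not part of the STIG, and not any product's code), the following sketches an API that issues short-lived access tokens and refreshes them itself rather than through a gateway; the lifetimes are placeholders that would come from the organization's identification and authentication policy, and the in-memory store, secret and clock are constructed for the example. It goes slightly beyond the text by rotating the refresh token on every use and revoking the whole token family when a rotated token is presented again, which is the usual control against refresh-token theft.

```python
import base64, hashlib, hmac, json, secrets, time

class TokenService:
    """Issues HMAC-signed access tokens and rotating refresh tokens.
    access_ttl / refresh_ttl are policy-defined lifetimes (placeholder values)."""
    def __init__(self, secret, access_ttl=900, refresh_ttl=7 * 86400, now=time.time):
        self.secret, self.access_ttl, self.refresh_ttl, self.now = secret, access_ttl, refresh_ttl, now
        self.refresh_store = {}  # refresh-token id -> record (a database in practice)

    def _sign(self, payload):
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode().rstrip("=")
        mac = hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{mac}"

    def issue(self, subject, family=None):
        """Mint an access token plus a fresh refresh token; family links rotated tokens."""
        now = int(self.now())
        access = self._sign({"sub": subject, "iat": now, "exp": now + self.access_ttl})
        rid = secrets.token_urlsafe(32)
        self.refresh_store[rid] = {"sub": subject, "exp": now + self.refresh_ttl,
                                   "family": family or rid, "used": False}
        return access, rid

    def refresh(self, rid):
        """Exchange a refresh token for a new pair; returns None when the caller must re-authenticate."""
        rec = self.refresh_store.get(rid)
        if rec is None or rec["exp"] <= int(self.now()):
            return None  # unknown or expired refresh token
        if rec["used"]:
            # A rotated token was replayed: treat as compromise, revoke the whole family
            for r in self.refresh_store.values():
                if r["family"] == rec["family"]:
                    r["exp"] = 0
            return None
        rec["used"] = True
        return self.issue(rec["sub"], rec["family"])

    def verify_access(self, token):
        """Return the payload of a valid, unexpired access token, else None."""
        body, _, mac = token.rpartition(".")
        expected = hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        return payload if payload["exp"] > int(self.now()) else None
```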