
V-274680

CAT II (Medium)

API access tokens must be configured to expire.

Rule ID

SV-274680r1143713_rule

STIG

Application Programming Interface (API) Security Requirements Guide

Version

V1R1

CCIs

CCI-002007

Discussion

API access tokens are short-lived credentials used to authenticate and authorize API requests. They are included in request headers to grant access to protected resources without requiring user credentials each time. To enhance security, they must have expiration times and require renewal through refresh tokens. If cached authentication information is out of date, the validity of the authentication information may be questionable.

Check Content

Verify API access tokens are configured to expire according to organizational defined parameters.

If API access tokens are not configured to expire according to organizational defined parameters, this is a finding.

Fix Text

Build or configure API access tokens to expire according to organizational defined parameters.
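
One way to run the check above against issued tokens, assuming they are JWTs carrying the standard `exp` and `iat` claims (the guide does not name a token format). This is an added example, not part of the STIG; `audit_token`, `sample_token` and `MAX_LIFETIME_S` are hypothetical names, and the 3600-second limit is a placeholder for the organization-defined value.

```python
import base64
import json
import time

MAX_LIFETIME_S = 3600  # placeholder for the organization-defined maximum, in seconds


def _segment(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def sample_token(claims):
    """Build a constructed sample token; the signature part is a dummy string."""
    return ".".join([_segment({"alg": "HS256", "typ": "JWT"}), _segment(claims), "constructed"])


def audit_token(token, max_lifetime_s=MAX_LIFETIME_S, now=None):
    """Return findings for one JWT access token; an empty list means no finding.

    Claims are read without verifying the signature, so this is a
    configuration review aid, not an authorization check.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT; review expiry settings at the issuer"]
    try:
        payload = parts[1]
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    exp, iat = claims.get("exp"), claims.get("iat")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return ["no numeric exp claim: token does not expire"]
    # Without iat, the time still remaining is a lower bound on the lifetime.
    issued = now if isinstance(iat, bool) or not isinstance(iat, (int, float)) else iat
    lifetime = exp - issued
    if lifetime > max_lifetime_s:
        return [f"lifetime {int(lifetime)}s exceeds maximum {max_lifetime_s}s"]
    return []
```

Run it over a sample of tokens captured from each client type during review; opaque (non-JWT) tokens are reported as unreadable, and their lifetime has to be confirmed in the authorization server's configuration.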