The IAO/NSO will ensure if 802.1x Port Authentication is implemented, re-authentication must occur every 60 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-5624 | NET-NAC-012 | SV-5624r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Eliminating unauthorized access to the network from inside the enclave is vital to keeping a network secure. Internal access to the private network is enabled by simply connecting a workstation or laptop to a wall plate or access point located in the work area. |
| STIG | Date |
|---|---|
| Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2015-04-06 |
Details
| Check Text ( C-3773r1_chk ) |
|---|
| Review the switch configuration for the following interface command: dot1x reauthentication Once re-authentication is enabled, the default is 60 minutes. The interval can be made smaller. For example, if you would want re-authentication to occur every 30 minutes, you would configure the following interface commnand: dot1x timeout reauth-period 1800 |
| Fix Text (F-5535r1_fix) |
|---|
| Ensure 802.1x reauthentication occurs every 60 minutes. |