The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269795 | OS10-NDM-000760 | SV-269795r1052420_rule | CCI-002007 | medium |
| Description | ||||
| Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators. | ||||
| STIG | Date | |||
| Dell OS10 Switch NDM Security Technical Implementation Guide | 2024-12-11 | |||
Details
Check Text (C-269795r1052420_chk)
Review the OS10 Switch configuration to determine if it prohibits the use of cached authenticators after an organization-defined time period.
Verify the rest authentication token validity setting is configured. If no entry is displayed, the default is 120 minutes.
OS10# show running-configuration | grep "rest authentication token validity"
rest authentication token validity 60
If cached authenticators are used after an organization-defined time period, this is a finding.
Fix Text (F-73729r1051769_fix)
Configure the OS10 Switch to prohibit the use of cached authenticators after an organization-defined time period:
OS10(config)# rest authentication token validity {minutes}