A MAC Authentication Bypass policy must be implemented for 802.1x unsupported devices that connect to the Enterprise Voice, Video, and Messaging system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259939 | SRG-VOIP-000590 | SV-259939r948786_rule | CCI-001548 | medium |
| Description | ||||
| MAC Authentication Bypass (MAB) is not a sufficient stand-alone authentication mechanism for non-802.1x supplicant endpoints. Additional policy-based validation techniques must be developed to ensure that 802.1x exempted devices are properly tracked and controlled to prevent compromise of the underlying 802.1x system and allow unapproved devices to access the Enterprise Voice, Video, and Messaging system. | ||||
| STIG | Date | |||
| Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2025-05-29 | |||
Details
Check Text (C-259939r948786_chk)
Verify a policy and procedure is in place and enforced that addresses the operation of MAC Authentication Bypass exceptions to 802.1x requirements.
If a MAC Authentication Bypass policy is not in place and enforced, this is a finding.
Fix Text (F-63577r946737_fix)
Ensure a policy and procedure is in place and enforced that addresses the operation of MAC Authentication Bypass exceptions to 802.1x requirements.