AOS must prohibit the use of cached authenticators after an organization-defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-266959 | ARBA-ND-000313 | SV-266959r1039898_rule | CCI-002007 | medium |
| Description | ||||
| Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out of date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators. | ||||
| STIG | Date | |||
| HPE Aruba Networking AOS NDM Security Technical Implementation Guide | 2024-10-29 | |||
Details
Check Text (C-266959r1039898_chk)
Verify the AOS configuration with the following command:
show configuration effective | include auth-survivability
If "aaa auth-survivability enable" is returned and "auth-survivability" is enabled, this is a finding.
Fix Text (F-70786r1039897_fix)
Configure AOS with the following commands:
configure terminal
no aaa auth-survivability enable
write memory