
The ISSO/NSO will ensure if 802.1x Port Authentication is implemented, re-authentication must occur every 60 minutes.


Overview

Finding ID: V-5624
Version: NET-NAC-012
Rule ID: SV-5624r2_rule
IA Controls: (none listed)
Severity: Medium
Description
Eliminating unauthorized access to the network from inside the enclave is vital to keeping a network secure. Internal access to the private network is enabled by simply connecting a workstation or laptop to a wall plate or access point located in the work area.
STIG: Infrastructure L3 Switch - Cisco Security Technical Implementation Guide
Date: 2017-09-28

Details

Check Text (C-3773r2_chk)
Review the switch configuration for one of the following interface commands: dot1x reauthentication or authentication periodic.

Once one of the interface commands, dot1x reauthentication or authentication periodic, is enabled, the default re-authentication interval is 60 minutes.

The interval can be made smaller. For example, if you want re-authentication to occur every 30 minutes, configure the following interface command: dot1x timeout reauth-period 1800 or authentication timer reauthenticate 1800.
Fix Text (F-5535r1_fix)
Ensure 802.1x reauthentication occurs every 60 minutes.
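
The check text above can be run against a saved running-config instead of being read by eye. The following Python is an added example, not part of the STIG: it assumes an 802.1x port is one configured with `port-control auto`, and the sample configuration and interface names are constructed.

```python
import re

MAX_REAUTH = 3600  # seconds; the 60-minute ceiling this finding requires
# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 1800
!
interface GigabitEthernet1/0/2
 dot1x port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 7200
!
interface GigabitEthernet1/0/4
 dot1x port-control auto
 dot1x reauthentication
!
interface GigabitEthernet1/0/5
 switchport mode trunk
"""

STANZA = re.compile(r"^interface (\S+)\n((?: .*\n?)*)", re.M)
ENABLED = re.compile(r"(dot1x|authentication) port-control auto$")  # assumed 802.1x marker
REAUTH_ON = re.compile(r"(dot1x reauthentication|authentication periodic)$")
TIMER = re.compile(r"(?:dot1x timeout reauth-period|authentication timer reauthenticate) (\S+)$")

def audit(config):
    """Map each 802.1x-enabled interface to a PASS/FAIL/REVIEW finding."""
    results = {}
    for name, body in STANZA.findall(config):
        cmds = [line.strip() for line in body.splitlines()]
        if not any(ENABLED.match(c) for c in cmds):
            continue  # port does not run 802.1x; out of scope for this check
        timers = [m.group(1) for c in cmds if (m := TIMER.match(c))]
        value = timers[-1] if timers else str(MAX_REAUTH)  # unset: 60-min default
        if not any(REAUTH_ON.match(c) for c in cmds):
            results[name] = "FAIL: periodic re-authentication not enabled"
        elif not value.isdigit():  # e.g. an interval supplied by the RADIUS server
            results[name] = f"REVIEW: interval comes from '{value}'"
        elif int(value) > MAX_REAUTH:
            results[name] = f"FAIL: {value}s exceeds {MAX_REAUTH}s"
        else:
            results[name] = f"PASS: re-authenticates every {value}s"
    return results
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per 802.1x port; a REVIEW result means the interval is not a number in the configuration and has to be confirmed on the authentication server.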