UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ISSO/NSO will ensure if 802.1x Port Authentication is implemented, re-authentication must occur every 60 minutes.


Overview

Finding ID Version Rule ID IA Controls Severity
V-5624 NET-NAC-012 SV-5624r2_rule Medium
Description
Eliminating unauthorized access to the network from inside the enclave is vital to keeping a network secure. Internal access to the private network is enabled by simply connecting a workstation or laptop to a wall plate or access point located in the work area.
STIG Date
Layer 2 Switch Security Technical Implementation Guide - Cisco 2018-03-02

Details

Check Text ( C-3773r2_chk )
Review the switch configuration for one of the following interface command: dot1x reauthentication or authentication periodic

Once one of the interface commands, dot1x reauthentication or authentication periodic, is enabled, the default is 60 minutes.

The interval can be made smaller. For example, if you would want re-authentication to occur every 30 minutes, you would configure the following interface command: dot1x timeout reauth-period 1800 or authentication timer reauthenticate 1800.
Fix Text (F-5535r1_fix)
Ensure 802.1x reauthentication occurs every 60 minutes.