Free DISA STIG and SRG Library | Vaulted
Removed

V-5624

The ISSO/NSO will ensure if 802.1x Port Authentication is implemented, re-authentication must occur every 60 minutes.

Finding ID
NET-NAC-012
Rule ID
SV-5624r2_rule
Severity
Cat II
CCE
(None)
Group Title
Re-authentication must occur every 60 minutes.
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

Eliminating unauthorized access to the network from inside the enclave is vital to keeping a network secure. Internal access to the private network is enabled by simply connecting a workstation or laptop to a wall plate or access point located in the work area.

Fix Text

Ensure 802.1x reauthentication occurs every 60 minutes.

Check Content

Review the switch configuration for one of the following interface command: dot1x reauthentication or authentication periodic Once one of the interface commands, dot1x reauthentication or authentication periodic, is enabled, the default is 60 minutes. The interval can be made smaller. For example, if you would want re-authentication to occur every 30 minutes, you would configure the following interface command: dot1x timeout reauth-period 1800 or authentication timer reauthenticate 1800.