Check: SRG-NET-000018-VVEP-00102
Enterprise Voice, Video, and Messaging Endpoint SRG: SRG-NET-000018-VVEP-00102
(in versions v1 r2 through v1 r1)
Title
The Enterprise Voice, Video, and Messaging Endpoint must be configured to integrate into the implemented 802.1x network access control system. (Cat II impact)
Discussion
IEEE 802.1x is a protocol used to control access to LAN services via a network access switchport or wireless access point. It requires a device or user to authenticate to the network element and become authorized by the authentication server before accessing the network. This standard is used to activate the network access switchport, limiting traffic to a specific VLAN, or to install traffic filters. Implementing 802.1x port security on each access switchport denies all other MAC users, which eliminates the security risk of additional users attaching to a switch to bypass authentication. The hardware Enterprise Voice, Video, and Messaging Endpoint must be an 802.1x supplicant and integrate into the 802.1x access control system. When 802.1x is used, all devices connecting to the LAN are required to use 802.1x. MAC Authentication Bypass is permitted by the Enterprise Voice, Video, and Messaging Requirements Guide when the endpoint does not support 802.1x or when required by mission continuity of operation requirements.
Check Content
Verify the Enterprise Voice, Video, and Messaging Endpoint is configured to integrate into the implemented 802.1x network access control system. If the Enterprise Voice, Video, and Messaging Endpoint does not integrate into the implemented 802.1x network access control system, this is a finding.
Fix Text
Configure the Enterprise Voice, Video, and Messaging Endpoint to integrate into the implemented 802.1x network access control system.
Additional Identifiers
Rule ID: SV-259944r948801_rule
Vulnerability ID: V-259944
Group Title: SRG-NET-000018
CCIs
Number | Definition |
---|---|
CCI-001368 | Enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |