Perimeter L3 Switch STIG Version Comparison
Perimeter L3 Switch Security Technical Implementation Guide
Comparison
There are 2 differences between versions v8 r30 (July 27, 2018) (the "left" version) and v8 r32 (Jan. 25, 2019) (the "right" version).
Check NET-NAC-012 was removed from the benchmark in the "right" version. The text below reflects the old wording.
This check's original form is available here.
Text Differences
Title
The ISSO/NSO will ensure if 802.1x Port Authentication is implemented, re-authentication must occur every 60 minutes.
Check Content
Review the switch configuration for one of the following interface command: dot1x reauthentication or authentication periodic Once one of the interface commands, dot1x reauthentication or authentication periodic, is enabled, the default is 60 minutes. The interval can be made smaller. For example, if you would want re-authentication to occur every 30 minutes, you would configure the following interface command: dot1x timeout reauth-period 1800 or authentication timer reauthenticate 1800.
Discussion
Eliminating unauthorized access to the network from inside the enclave is vital to keeping a network secure. Internal access to the private network is enabled by simply connecting a workstation or laptop to a wall plate or access point located in the work area.
Fix
Ensure 802.1x reauthentication occurs every 60 minutes.