Check: SRG-APP-000400-NDM-000313
Network Device Management SRG:
SRG-APP-000400-NDM-000313
(in versions v4 r3 through v2 r7)
Title
The network device must prohibit the use of cached authenticators after an organization-defined time period. (Cat II impact)
Discussion
Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.
Check Content
Review the network device configuration to determine if the network device or its associated authentication server prohibits the use of cached authenticators after an organization-defined time period. If cached authenticators are used after an organization-defined time period, this is a finding.
Fix Text
Configure the network device or its associated authentication server to prohibit the use of cached authenticators after an organization-defined time period.
Additional Identifiers
Rule ID: SV-202115r879773_rule
Vulnerability ID: V-202115
Group Title: SRG-APP-000400
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002007 |
The information system prohibits the use of cached authenticators after an organization-defined time period. |
Controls
Number | Title |
---|---|
IA-5 (13) |
Expiration Of Cached Authenticators |