The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-269795 | SRG-APP-000400-NDM-000313 | OS10-NDM-000760 | SV-269795r1052420_rule | 2024-12-11 | 1 |
Description
Some authentication implementations can be configured to use cached authenticators.
If cached authentication information is out-of-date, the validity of the authentication information may be questionable.
The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.
ℹ️ Check
Review the OS10 Switch configuration to determine if it prohibits the use of cached authenticators after an organization-defined time period.
Verify the rest authentication token validity setting is configured. If no entry is displayed, the default is 120 minutes.
OS10# show running-configuration | grep "rest authentication token validity"
rest authentication token validity 60
If cached authenticators are used after an organization-defined time period, this is a finding.
✔️ Fix
Configure the OS10 Switch to prohibit the use of cached authenticators after an organization-defined time period:
OS10(config)# rest authentication token validity {minutes}