The Edge SWG must prohibit the use of cached authenticators after an organization-defined time period.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-279270	SRG-APP-000400-NDM-000313	SYME-ND-000730	SV-279270r1170571_rule	2025-12-18	1

Description
Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.

Description

Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.

ℹ️ Check
1. Log in to the Edge SWG SSH CLI. 2. Enter "show realms". If under LDAP Realm the "Authorization refresh", "Credentials refresh", and "Surrogates refresh" are not set to 10 seconds, or what the site requires, this is a finding.

✔️ Fix
1. In the Edge SWG Web UI, navigate to the Configuration tab. 2. Select the "Authentication" and "Realms and Domains" areas. 3. Select the previously configured LDAP domain. 4. Click "Show" for "Advanced Settings". 5. Check "Use the same refresh time for all". 6. Under "Credential refresh time", add 10 seconds, or whatever the site requires.