The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-269795 | SRG-APP-000400-NDM-000313 | OS10-NDM-000760 | SV-269795r1052420_rule | 2024-12-11 | 1 |
| Description |
|---|
| Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators. |
| ℹ️ Check |
|---|
| Review the OS10 Switch configuration to determine if it prohibits the use of cached authenticators after an organization-defined time period. Verify the rest authentication token validity setting is configured. If no entry is displayed, the default is 120 minutes. OS10# show running-configuration | grep "rest authentication token validity" rest authentication token validity 60 If cached authenticators are used after an organization-defined time period, this is a finding. |
| ✔️ Fix |
|---|
| Configure the OS10 Switch to prohibit the use of cached authenticators after an organization-defined time period: OS10(config)# rest authentication token validity {minutes} |