A MAC Authentication Bypass policy must be implemented for 802.1x unsupported devices that connect to the Enterprise Voice, Video, and Messaging system.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-259939	SRG-VOIP-000590	SRG-VOIP-000590	SV-259939r948786_rule	2024-03-12	1

Description
MAC Authentication Bypass (MAB) is not a sufficient stand-alone authentication mechanism for non-802.1x supplicant endpoints. Additional policy-based validation techniques must be developed to ensure that 802.1x exempted devices are properly tracked and controlled to prevent compromise of the underlying 802.1x system and allow unapproved devices to access the Enterprise Voice, Video, and Messaging system.

Description

MAC Authentication Bypass (MAB) is not a sufficient stand-alone authentication mechanism for non-802.1x supplicant endpoints. Additional policy-based validation techniques must be developed to ensure that 802.1x exempted devices are properly tracked and controlled to prevent compromise of the underlying 802.1x system and allow unapproved devices to access the Enterprise Voice, Video, and Messaging system.

ℹ️ Check
Verify a policy and procedure is in place and enforced that addresses the operation of MAC Authentication Bypass exceptions to 802.1x requirements. If a MAC Authentication Bypass policy is not in place and enforced, this is a finding.

✔️ Fix
Ensure a policy and procedure is in place and enforced that addresses the operation of MAC Authentication Bypass exceptions to 802.1x requirements.