The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269795 | OS10-NDM-000760 | SV-269795r1052420_rule | Medium |
| Description |
| Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators. |
| STIG | Date |
| Dell OS10 Switch NDM Security Technical Implementation Guide | 2024-12-11 |
Details
| Check Text (C-73828r1051768_chk) |
| Review the OS10 Switch configuration to determine if it prohibits the use of cached authenticators after an organization-defined time period. Verify the rest authentication token validity setting is configured. If no entry is displayed, the default is 120 minutes. OS10# show running-configuration | grep "rest authentication token validity" rest authentication token validity 60 If cached authenticators are used after an organization-defined time period, this is a finding. |
| Fix Text (F-73729r1051769_fix) |
| Configure the OS10 Switch to prohibit the use of cached authenticators after an organization-defined time period: OS10(config)# rest authentication token validity {minutes} |