AOS must prohibit the use of cached authenticators after an organization-defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-266959 | ARBA-ND-000313 | SV-266959r1039898_rule | Medium |
| Description |
| Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out of date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators. |
| STIG | Date |
| HPE Aruba Networking AOS NDM Security Technical Implementation Guide | 2024-10-29 |
Details
| Check Text (C-70883r1039896_chk) |
| Verify the AOS configuration with the following command: show configuration effective | include auth-survivability If "aaa auth-survivability enable" is returned and "auth-survivability" is enabled, this is a finding. |
| Fix Text (F-70786r1039897_fix) |
| Configure AOS with the following commands: configure terminal no aaa auth-survivability enable write memory |