STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 13 Apr 2021

The Cisco ISE must prohibit the use of cached authenticators after an organization-defined time period.

DISA Rule

SV-242652r714266_rule

Vulnerability Number

V-242652

Group Title

SRG-APP-000400-NDM-000313

Rule Version

CSCO-NM-000470

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to Administration >> System >> Admin Access >> Authentication >> Password Policy.

Set the "Password cached for" field to the organization-defined value available in the SSP.

Check Contents

View the SSP for the required value.

Navigate to Administration >> System >> Admin Access >> Authentication >> Password Policy.

Verify the SSP required value matches the "Password cached for" field.

If the Cisco ISE does not prohibit the use of cached authenticators after an organization-defined time period, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

5384
