The hardware Voice Video Endpoint must reauthenticate 802.1x or MAC Authentication Bypass (MAB) every three (3) hours or less.

From Voice Video Endpoint Security Requirements Guide

Part of SRG-NET-000338-VVEP-00007

Associated with: CCI-002039

SV-81185r1_rule The hardware Voice Video Endpoint must reauthenticate 802.1x or MAC Authentication Bypass (MAB) every three (3) hours or less.

Vulnerability discussion

IEEE 802.1x is a protocol used to control access to LAN services via a network access switchport or wireless access point that requires a device or user to authenticate to the network element and become authorized by the authentication server before accessing the network. This standard is used to activate the network access switchport limiting traffic to a specific VLAN or install traffic filters. Implementing 802.1x port security on each access switchport denies all other MAC users, which eliminates the security risk of additional users attaching to a switch to bypass authentication. The hardware Voice Video Endpoint must be an 802.1x supplicant and integrate into the 802.1x access control system. Devices connecting to the LAN are required to use 802.1x or MAC Address Bypass (MAB).Without periodically reauthenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity on the network.

Check content

If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable. Verify the hardware Voice Video Endpoint reauthenticates 802.1x or MAB every three hours or less. If the hardware Voice Video Endpoint does not reauthenticate 802.1x or MAB every three hours or less, this is a finding.

Fix text

Configure the hardware Voice Video Endpoint to reauthenticate 802.1x or MAB every three hours or less.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer