STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to HPE Aruba Networking AOS NDM Security Technical Implementation Guide

V-266959

CAT II (Medium)

AOS must prohibit the use of cached authenticators after an organization-defined time period.

Rule ID

SV-266959r1039898_rule

STIG

HPE Aruba Networking AOS NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002007

Discussion

Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out of date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.

Check Content

Verify the AOS configuration with the following command: 
show configuration effective | include auth-survivability 
 
If "aaa auth-survivability enable" is returned and "auth-survivability" is enabled, this is a finding.

Fix Text

Configure AOS with the following commands: 
configure terminal 
no aaa auth-survivability enable 
write memory