The layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection.

An XCCDF Rule

Details
Profiles

Description

Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to a switch port to inject or receive data from the network without detection.

ID: SV-206647r385501_rule
Version: SRG-NET-000148-L2S-000015
Severity: High
References: CCI-000778
Updated: 5 days ago

Remediation Templates

Configure 802.1 x authentications on all host-facing access switch ports. To authenticate those devices that do not support 802.1x, MAC Authentication Bypass must be configured.

The layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection.

Description

Remediation Templates

A Manual Procedure