Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
HPE Aruba Networking AOS Wireless Security Technical Implementation Guide
SRG-NET-000338
SRG-NET-000338
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000338
1 Rule
AOS must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.
Medium Severity
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity on the network. In addition to the reauthentication requirements associated with session locks, organizations may require reauthentication of devices, including (but not limited to), the following other situations: (i) When authenticators change; (ii) When roles change; (iii) When security categories of information systems change; (iv) After a fixed period of time; or (v) Periodically. This requirement only applies to components where this is specific to the function of the device or has the concept of device authentication.