STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Symantec Edge SWG NDM Security Technical Implementation Guide

V-279270

CAT II (Medium)

The Edge SWG must prohibit the use of cached authenticators after an organization-defined time period.

Rule ID

SV-279270r1170571_rule

STIG

Symantec Edge SWG NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002007

Discussion

Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.

Check Content

1. Log in to the Edge SWG SSH CLI.
2. Enter "show realms".

If under LDAP Realm the "Authorization refresh", "Credentials refresh", and "Surrogates refresh" are not set to 10 seconds, or what the site requires, this is a finding.

Fix Text

1. In the Edge SWG Web UI, navigate to the Configuration tab.
2. Select the "Authentication" and "Realms and Domains" areas.
3. Select the previously configured LDAP domain.
4. Click "Show" for "Advanced Settings".
5. Check "Use the same refresh time for all".
6. Under "Credential refresh time", add 10 seconds, or whatever the site requires.