There is no user authentication credential caching. If the WAN link is down and you don't have a local ACS, then users won't be able to authenticate. However, an alternative is to run some other RADIUS service (such as Microsoft's IAS) if you have local DCs (assuming you are a Windows shop) at your remote locations. IAS is a decent fallback RADIUS server.
As for a down ACS, I would seriously consider a secondary one to provide some redundnacy. I have four: 2 for most of our remote sites to use, 1 at our largest site in North America, and 1 in South America. With that much redundancy, I can take down any of the ACS servers for maintenance/upgrades, and the users don't notice.
Also, on my network I have taken the approach that if the WAN link is down, users not being able to authenticate to wireless is a moot issue since many of our apps are hosted centrally and a down WAN link means even the wired users are down.