Cisco IOS Router NDM STIG

Cisco IOS Router NDM Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| CISC-ND-000570 | V-215682 | The Cisco router must be configured to enforce password complexity by requiring that at least one upper-case character be used. | Cat II | |
| CISC-ND-001040 | V-215694 | The Cisco router must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. | Cat II | |
| CISC-ND-001050 | V-215695 | The Cisco router must be configured to record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | Cat II | |
| CISC-ND-000620 | V-215687 | The Cisco router must only store cryptographic representations of passwords. | Cat I | |
| CISC-ND-000250 | V-215671 | The Cisco router must be configured to generate audit records when successful/unsuccessful attempts to log on with access privileges occur. | Cat II | |
| CISC-ND-001260 | V-215704 | The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur. | Cat II | |
| CISC-ND-001470 | V-220137 | The Cisco router must be running an IOS release that is currently supported by Cisco Systems. | Cat I | |
| CISC-ND-000530 | V-215680 | The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | Cat II | |
| CISC-ND-001210 | V-215700 | The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | Cat I | |
| CISC-ND-001310 | V-215708 | The Cisco router must be configured to off-load log records onto a different system than the system being audited. | Cat II | |
| CISC-ND-000330 | V-215674 | The Cisco router must be configured to generate audit records containing the full-text recording of privileged commands. | Cat II | |
| CISC-ND-000550 | V-215681 | The Cisco router must be configured to enforce a minimum 15-character password length. | Cat II | |
| CISC-ND-000210 | V-215670 | The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation. | Cat II | |
| CISC-ND-001200 | V-215699 | The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | Cat I | |
| CISC-ND-001030 | V-215693 | The Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. | Cat II | |
