Cisco IOS Switch NDM STIG

Cisco IOS Switch NDM Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| CISC-ND-000530 | V-220588 | The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | Cat II | |
| CISC-ND-000140 | V-220575 | The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | Cat II | |
| CISC-ND-001050 | V-220603 | The Cisco switch must be configured to record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | Cat II | |
| CISC-ND-000940 | V-220598 | The Cisco switch must be configured to audit the execution of privileged functions. | Cat II | |
| CISC-ND-000590 | V-220592 | The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used. | Cat II | |
| CISC-ND-001130 | V-220604 | The Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cat II | |
| CISC-ND-000880 | V-220597 | The Cisco switch must be configured to automatically audit account enabling actions. | Cat II | |
| CISC-ND-001210 | V-220608 | The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | Cat I | |
| CISC-ND-000160 | V-220577 | The Cisco switch must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | Cat II | |
| CISC-ND-000100 | V-220572 | The Cisco switch must be configured to automatically audit account modification. | Cat II | |
| CISC-ND-000090 | V-220571 | The Cisco switch must be configured to automatically audit account creation. | Cat II | |
| CISC-ND-001410 | V-220618 | The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | Cat II | |
| CISC-ND-000380 | V-220583 | The Cisco switch must be configured to protect audit information from unauthorized modification. | Cat II | |
| CISC-ND-001220 | V-220609 | The Cisco switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | Cat II | |
| CISC-ND-000600 | V-220593 | The Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used. | Cat II | |
