Cisco IOS Switch NDM STIG Version Comparison

Cisco IOS Switch NDM Security Technical Implementation Guide

Comparison

There are 2 differences between versions v1 r1 (May 8, 2020) (the "left" version) and v2 r2 (April 23, 2021) (the "right" version).

Check CISC-ND-001280 was removed from the benchmark in the "right" version. The text below reflects the old wording.


Text Differences

Title

The Cisco switch must generate audit records showing starting and ending time for administrator access to the system.

Check Content

The Cisco switch is not compliant with this requirement. However, the risk associated with this requirement can be fully mitigated if the switch is configured to use an AAA server to report session start and stop times for administrative access. Review the switch configuration to verify that the device is configured to use an AAA server to report session start and stop times for administrative access as shown in the example below:

aaa new-model
!
!
aaa accounting exec default start-stop group radius
…
…
…
radius-server host x.x.x.x key xxxxxxx

If the switch is not configured to use an AAA server to report session start and stop times for administrative access, this is a finding.

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter).

Fix

Step 1: Configure the switch to use an authentication server as shown in the example below:

SW1(config)#radius host 10.1.48.2 key xxxxxx

Step 2: Configure the switch to report session start and stop times for administrative access as shown in the following example:

SW1(config)#aaa accounting exec default start-stop group radius

Note that "radius host" as printed in the Fix text is not an IOS global configuration command. The Check Content above uses the legacy form, radius-server host x.x.x.x key xxxxxxx; IOS 15 and IOS XE also accept the named-server form (radius server NAME, with address ipv4 and key sub-commands), which can then be referenced directly or through an aaa group server radius group in the accounting line.
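The check above is easy to automate against a saved running-config. The script below is an added example (not part of the STIG or the comparison page) that applies the CISC-ND-001280 logic to a config file: it requires aaa new-model, an "aaa accounting exec default start-stop group <group>" line, and at least one server of the matching protocol behind that group. It goes slightly beyond the STIG's example by accepting both the legacy radius-server host / tacacs-server host form and the named radius server / tacacs server form with named aaa group server groups. The three sample configs, the hostnames and the addresses are constructed for the example.

```python
import re

# Constructed sample running-config excerpts (not from the STIG).
# 1. Legacy "radius-server host" form, matching the STIG's own example.
COMPLIANT_LEGACY = """\
hostname SW1
!
aaa new-model
!
aaa accounting exec default start-stop group radius
!
radius-server host 10.1.48.2 key xxxxxx
!
line vty 0 4
 transport input ssh
"""

# 2. Named server and named server group (IOS 15 / IOS XE syntax).
COMPLIANT_NAMED = """\
hostname SW2
!
aaa new-model
!
aaa group server radius ISE
 server name ISE1
!
aaa accounting exec default start-stop group ISE
!
radius server ISE1
 address ipv4 10.1.48.3 auth-port 1812 acct-port 1813
 key xxxxxx
!
"""

# 3. Records only session stop and has no server for the group: a finding.
NONCOMPLIANT = """\
hostname SW3
!
aaa new-model
!
aaa accounting exec default stop-only group tacacs+
!
"""

ACCOUNTING_RE = re.compile(
    r"^aaa accounting exec default start-stop group (\S+)", re.M)
# Legacy "radius-server host A.B.C.D ..." / "tacacs-server host A.B.C.D ..."
LEGACY_SERVER_RE = re.compile(r"^(radius|tacacs)-server host (\S+)", re.M)
# Named "radius server NAME" / "tacacs server NAME" block with an indented
# "address ipv4 A.B.C.D" line somewhere inside it.
NAMED_SERVER_RE = re.compile(
    r"^(radius|tacacs) server \S+\n(?: .*\n)*? address ipv4 (\S+)", re.M)
GROUP_RE = re.compile(r"^aaa group server (radius|tacacs\+) (\S+)", re.M)


def check_cisc_nd_001280(config: str) -> dict:
    """Evaluate one running-config against the CISC-ND-001280 check.

    Returns {"finding": bool, "reasons": [...], "servers": [...]} where
    "servers" lists the AAA server addresses backing the accounting group.
    """
    reasons = []
    servers = []
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        reasons.append("aaa new-model is not configured")

    m = ACCOUNTING_RE.search(config)
    if m is None:
        reasons.append("no 'aaa accounting exec default start-stop group <group>' line")
        return {"finding": True, "reasons": reasons, "servers": servers}
    group = m.group(1)

    # Resolve the group name to a protocol: the built-in groups 'radius' and
    # 'tacacs+', or a named group declared with 'aaa group server'.
    protocol = group if group in ("radius", "tacacs+") else None
    for gm in GROUP_RE.finditer(config):
        if gm.group(2) == group:
            protocol = gm.group(1)
    if protocol is None:
        reasons.append(f"accounting group '{group}' is not defined")
        return {"finding": True, "reasons": reasons, "servers": servers}

    proto = protocol.rstrip("+")  # 'tacacs+' -> 'tacacs' for the server keywords
    for sm in LEGACY_SERVER_RE.finditer(config):
        if sm.group(1) == proto:
            servers.append(sm.group(2))
    for sm in NAMED_SERVER_RE.finditer(config):
        if sm.group(1) == proto:
            servers.append(sm.group(2))
    if not servers:
        reasons.append(f"no {protocol} server is defined to receive accounting records")

    return {"finding": bool(reasons), "reasons": reasons, "servers": servers}


if __name__ == "__main__":
    samples = [("legacy", COMPLIANT_LEGACY), ("named", COMPLIANT_NAMED),
               ("stop-only", NONCOMPLIANT)]
    for name, cfg in samples:
        result = check_cisc_nd_001280(cfg)
        status = "FINDING" if result["finding"] else "not a finding"
        print(f"{name}: {status} {result['reasons']} servers={result['servers']}")
```

Two limits worth knowing before relying on this: it does not confirm that a named server is actually a member of the group the accounting line references, and it does not verify that a key is set or that the server is reachable. Those are still a manual part of the check; the script only establishes that the accounting configuration the STIG asks for is present.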