Cisco IOS XE Switch NDM STIG Version Comparison
Cisco IOS XE Switch NDM Security Technical Implementation Guide
Comparison
There are 3 differences between versions v1 r1 (May 8, 2020) (the "left" version) and v2 r2 (Oct. 27, 2021) (the "right" version).
Check CISC-ND-001280 was removed from the benchmark in the "right" version. The text below reflects the old wording.
Text Differences
Title
The Cisco switch must generate audit records showing starting and ending time for administrator access to the system.
Check Content
The Cisco switch is not compliant with this requirement. However, the risk associated with this requirement can be fully mitigated if the switch is configured to utilize an AAA server to report session start and stop times for administrative access.
Review the switch configuration to verify that the device is configured to use an AAA server to report session start and stop times for administrative access as shown in the following example:
aaa new-model
!
!
aaa accounting exec default start-stop group radius
…
…
…
radius-server host x.x.x.x key xxxxxxx
If the switch is not configured to use an AAA server to report session start and stop times for administrative access, this is a finding.
Discussion
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter).
Fix
Step 1: Configure the switch to use an authentication server as shown in the following example:
SW1(config)#radius host 10.1.48.2 key xxxxxx
Step 2: Configure the switch to report session start and stop times for administrative access as shown in the following example:
SW1(config)#aaa accounting exec default start-stop group radius
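The check content and fix above name three configuration statements (aaa new-model, an exec accounting method list using start-stop against a server group, and a defined RADIUS/TACACS+ server). The following is an added example, not part of the STIG or any Cisco tooling, that runs that check against the text of an exported running-config; the two sample configurations are constructed for illustration, and the helper name check_cisc_nd_001280 is hypothetical.

```python
import re

# Constructed sample configs (not taken from the STIG page).
COMPLIANT_CONFIG = """\
hostname SW1
aaa new-model
aaa authentication login default group radius local
aaa accounting exec default start-stop group radius
radius server RAD1
 address ipv4 10.1.48.2 auth-port 1812 acct-port 1813
 key 7 xxxxxx
"""

# stop-only accounting records the session end but not its start, so the
# requirement (start and end time of every administrative session) is not met.
NONCOMPLIANT_CONFIG = """\
hostname SW2
aaa new-model
aaa accounting exec default stop-only group radius
radius-server host 10.1.48.2 key xxxxxx
"""

# IOS syntax: aaa accounting exec {default|list} {start-stop|stop-only|none} [broadcast] group <name>
ACCT_RE = re.compile(r"^aaa accounting exec (\S+) (\S+)(?: broadcast)? group (\S+)")

# Both the legacy 'radius-server host' form used in the STIG text and the newer
# named 'radius server <name>' / 'tacacs server <name>' forms define a AAA server.
SERVER_PREFIXES = ("radius-server host ", "radius server ",
                   "tacacs-server host ", "tacacs server ")


def check_cisc_nd_001280(config: str) -> list:
    """Return a list of findings; an empty list means the config passes the check."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not configured")
    # Collect exec accounting method lists; only start-stop satisfies the check.
    methods = [m.groups() for m in map(ACCT_RE.match, lines) if m]
    if not any(record == "start-stop" for _, record, _ in methods):
        seen = ", ".join(f"{lst}:{rec}" for lst, rec, _ in methods) or "none"
        findings.append(f"no 'aaa accounting exec ... start-stop group <group>' (found: {seen})")
    if not any(ln.startswith(SERVER_PREFIXES) for ln in lines):
        findings.append("no RADIUS/TACACS+ server defined for accounting")
    return findings


if __name__ == "__main__":
    for name, cfg in (("SW1", COMPLIANT_CONFIG), ("SW2", NONCOMPLIANT_CONFIG)):
        result = check_cisc_nd_001280(cfg)
        print(name, "PASS" if not result else "FINDING: " + "; ".join(result))
```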