CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - ip http max-connections

CAT|II

CCI|CCI-000054

Rule-ID|SV-215662r648760_rule

STIG-ID|CISC-ND-000010

STIG-Legacy|SV-105145

STIG-Legacy|V-96007

Vuln-ID|V-215662

CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - session-limit

CISC-ND-000090 - The Cisco router must be configured to automatically audit account creation.

CCI|CCI-000018

Rule-ID|SV-215663r521266_rule

STIG-ID|CISC-ND-000090

STIG-Legacy|SV-105153

STIG-Legacy|V-96015

Vuln-ID|V-215663

CISC-ND-000100 - The Cisco router must be configured to automatically audit account modification.

CCI|CCI-001403

Rule-ID|SV-215664r521266_rule

STIG-ID|CISC-ND-000100

STIG-Legacy|SV-105155

STIG-Legacy|V-96017

Vuln-ID|V-215664

CISC-ND-000110 - The Cisco router must be configured to automatically audit account disabling actions.

CCI|CCI-001404

Rule-ID|SV-215665r521266_rule

STIG-ID|CISC-ND-000110

STIG-Legacy|SV-105157

STIG-Legacy|V-96019

Vuln-ID|V-215665

CISC-ND-000120 - The Cisco router must be configured to automatically audit account removal actions.

CCI|CCI-001405

Rule-ID|SV-215666r521266_rule

STIG-ID|CISC-ND-000120

STIG-Legacy|SV-105159

STIG-Legacy|V-96021

Vuln-ID|V-215666

CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies - access-class deny

CCI|CCI-001368

Rule-ID|SV-215667r835035_rule

STIG-ID|CISC-ND-000140

STIG-Legacy|SV-105161

STIG-Legacy|V-96023

Vuln-ID|V-215667

CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies - access-class permit

CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies - line vty

CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.

CCI|CCI-000044

Rule-ID|SV-215668r521266_rule

STIG-ID|CISC-ND-000150

STIG-Legacy|SV-105163

STIG-Legacy|V-96025

Vuln-ID|V-215668

CISC-ND-000160 - The Cisco router must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

CCI|CCI-000048

Rule-ID|SV-215669r521266_rule

STIG-ID|CISC-ND-000160

STIG-Legacy|SV-105165

STIG-Legacy|V-96027

Vuln-ID|V-215669

CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity - logging enable

CCI|CCI-000166

CCI|CCI-000172

CCI|CCI-002234

Rule-ID|SV-215670r835036_rule

STIG-ID|CISC-ND-000210

STIG-Legacy|SV-105173

STIG-Legacy|V-96035

Vuln-ID|V-215670

CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity - logging userinfo

CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred.

CCI|CCI-000131

Rule-ID|SV-215672r521266_rule

STIG-ID|CISC-ND-000280

STIG-Legacy|SV-105179

STIG-Legacy|V-96041

Vuln-ID|V-215672

CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred.

CCI|CCI-000132

Rule-ID|SV-215673r521266_rule

STIG-ID|CISC-ND-000290

STIG-Legacy|SV-105181

STIG-Legacy|V-96043

Vuln-ID|V-215673

CISC-ND-000330 - The Cisco router must be configured to generate audit records containing the full-text recording of privileged commands.

CCI|CCI-000135

Rule-ID|SV-215674r521266_rule

STIG-ID|CISC-ND-000330

STIG-Legacy|SV-105183

STIG-Legacy|V-96045

Vuln-ID|V-215674

CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification.

CCI|CCI-000163

Rule-ID|SV-215675r521266_rule

STIG-ID|CISC-ND-000380

STIG-Legacy|SV-105187

STIG-Legacy|V-96049

Vuln-ID|V-215675

CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion.

CCI|CCI-000164

Rule-ID|SV-215676r521266_rule

STIG-ID|CISC-ND-000390

STIG-Legacy|SV-105189

STIG-Legacy|V-96051

Vuln-ID|V-215676

CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.

CCI|CCI-001499

Rule-ID|SV-215677r521266_rule

STIG-ID|CISC-ND-000460

STIG-Legacy|SV-105193

STIG-Legacy|V-96055

Vuln-ID|V-215677

CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services.

CAT|I

CCI|CCI-000382

Rule-ID|SV-215678r521266_rule

STIG-ID|CISC-ND-000470

STIG-Legacy|SV-105195

STIG-Legacy|V-96057

Vuln-ID|V-215678

CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

CCI|CCI-001358

CCI|CCI-002111

Rule-ID|SV-215679r663913_rule

STIG-ID|CISC-ND-000490

STIG-Legacy|SV-105199

STIG-Legacy|V-96061

Vuln-ID|V-215679

CISC-ND-000550 - The Cisco router must be configured to enforce a minimum 15-character password length.

CCI|CCI-000205

Rule-ID|SV-215681r521266_rule

STIG-ID|CISC-ND-000550

STIG-Legacy|SV-105209

STIG-Legacy|V-96071

Vuln-ID|V-215681

CISC-ND-000570 - The Cisco router must be configured to enforce password complexity by requiring that at least one upper-case character be used.

CCI|CCI-000192

Rule-ID|SV-215682r521266_rule

STIG-ID|CISC-ND-000570

STIG-Legacy|SV-105211

STIG-Legacy|V-96073

Vuln-ID|V-215682

CISC-ND-000580 - The Cisco router must be configured to enforce password complexity by requiring that at least one lower-case character be used.

CCI|CCI-000193

Rule-ID|SV-215683r521266_rule

STIG-ID|CISC-ND-000580

STIG-Legacy|SV-105213

STIG-Legacy|V-96075

Vuln-ID|V-215683

CISC-ND-000590 - The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.

CCI|CCI-000194

Rule-ID|SV-215684r521266_rule

STIG-ID|CISC-ND-000590

STIG-Legacy|SV-105215

STIG-Legacy|V-96077

Vuln-ID|V-215684

CISC-ND-000600 - The Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.

CCI|CCI-001619

Rule-ID|SV-215685r521266_rule

STIG-ID|CISC-ND-000600

STIG-Legacy|SV-105217

STIG-Legacy|V-96079

Vuln-ID|V-215685

CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.

CCI|CCI-000195

Rule-ID|SV-215686r521266_rule

STIG-ID|CISC-ND-000610

STIG-Legacy|SV-105219

STIG-Legacy|V-96081

Vuln-ID|V-215686

CISC-ND-000620 - The Cisco router must only store cryptographic representations of passwords.

CCI|CCI-000196

Rule-ID|SV-215687r521266_rule

STIG-ID|CISC-ND-000620

STIG-Legacy|SV-105221

STIG-Legacy|V-96083

Vuln-ID|V-215687

CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - exec-timeout

CCI|CCI-001133

Rule-ID|SV-215688r835043_rule

STIG-ID|CISC-ND-000720

STIG-Legacy|SV-105227

STIG-Legacy|V-96089

Vuln-ID|V-215688

CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-server

CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http timeout-policy

CISC-ND-000880 - The Cisco router must be configured to automatically audit account enabling actions.

CCI|CCI-002130

Rule-ID|SV-215689r521266_rule

STIG-ID|CISC-ND-000880

STIG-Legacy|SV-105241

STIG-Legacy|V-96103

Vuln-ID|V-215689

CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

CCI|CCI-001849

Rule-ID|SV-215691r521266_rule

STIG-ID|CISC-ND-000980

STIG-Legacy|SV-105253

STIG-Legacy|V-96115

Vuln-ID|V-215691

CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events.

Detections

Analytics

DISA STIG Cisco IOS Router NDM v2r4

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.6

Functional Update

Revision 1.5

Miscellaneous

Revision 1.4

Functional Update

Added

Removed

Revision 1.3

Miscellaneous

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

Revision 1.0

Miscellaneous