CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


System-level information includes default and customized settings and security attributes, including access control lists (ACLs) that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial-of-service condition is possible for all who use this critical network component.

The network device must support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Configure the Cisco switch to send the configuration to a TFTP or an FTP server when a configuration change occurs as shown in the example below:

SW4(config)#event manager applet BACKUP_CONFIG
SW4(config-applet)#event syslog pattern '%SYS-5-CONFIG_I'
SW4(config-applet)#action 1 cli command 'enable'
SW4(config-applet)#action 2 info type switchname
SW4(config-applet)#action 3 cli command 'copy run tftp' pattern 'remote host'
SW4(config-applet)#action 4 cli command 'x.x.x.x' pattern 'filename'
SW4(config-applet)#action 5 cli command '$_info_switchname-config'
SW4(config-applet)#action 6 syslog priority informational msg 'Configuration backup was executed'

See Also

Item Details

References: CAT|II, CCI|CCI-000366, CCI|CCI-000537, Rule-ID|SV-220618r916221_rule, STIG-ID|CISC-ND-001410, STIG-Legacy|SV-110465, STIG-Legacy|V-101361, Vuln-ID|V-220618

Plugin: Cisco

Control ID: c6c8f41ea88c8a7af924549e01643f15b80e9855d3b252ab0bf802194c040c73