Detections
Analytics
CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur.
Information
System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial of service condition is possible for all who utilize this critical network component.This control requires the network device to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.
Solution
Configure the Cisco switch to send the configuration to an SCP server when a configuration change occurs. The recommended and most secure method is to use public/private key authentication.SW4(config)# ip scp server enable
SW4(config)# file prompt quiet
SW4(config)# event manager applet BACKUP_CONFIG
SW4(config-applet)# event syslog pattern "%SYS-5-CONFIG_I"
SW4(config-applet)# action 1 cli command "enable"
SW4(config-applet)# action 2 info type routername
SW4(config-applet)# action 3 cli command "copy running-config scp://<username>@<x.x.x.x>/<path_on_server>/$_info_routername-running-config"
SW4(config-applet)# action 4 syslog priority informational msg "Configuration backup executed for $_info_routername"
SW4(config-applet)# authorization bypass
SW4(config-applet)# end
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS-XE_Switch_Y26M04_STIG.zip
Item Details
Audit Name: DISA Cisco IOS XE Switch NDM STIG v3r6
Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING
References: 800-53|CM-6b., 800-53|CP-9b., CAT|II, CCI|CCI-000366, CCI|CCI-000537, Rule-ID|SV-220566r1186357_rule, STIG-ID|CISC-ND-001410, STIG-Legacy|SV-110587, STIG-Legacy|V-101483, Vuln-ID|V-220566
Plugin: Cisco
Control ID: ceba2ffe303967d8e3e2311f23e243a7f0257ed8089e3cb9a835a94b193779d3