CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number.

CAT|II

CCI|CCI-000054

Rule-ID|SV-220570r879511_rule

STIG-ID|CISC-ND-000010

STIG-Legacy|SV-110369

STIG-Legacy|V-101265

Vuln-ID|V-220570

CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation.

CCI|CCI-000018

Rule-ID|SV-220571r879525_rule

STIG-ID|CISC-ND-000090

STIG-Legacy|SV-110371

STIG-Legacy|V-101267

Vuln-ID|V-220571

CISC-ND-000100 - The Cisco switch must be configured to automatically audit account modification.

CCI|CCI-001403

Rule-ID|SV-220572r879526_rule

STIG-ID|CISC-ND-000100

STIG-Legacy|SV-110373

STIG-Legacy|V-101269

Vuln-ID|V-220572

CISC-ND-000110 - The Cisco switch must be configured to automatically audit account disabling actions.

CCI|CCI-001404

Rule-ID|SV-220573r879527_rule

STIG-ID|CISC-ND-000110

STIG-Legacy|SV-110375

STIG-Legacy|V-101271

Vuln-ID|V-220573

CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions.

CCI|CCI-001405

Rule-ID|SV-220574r879528_rule

STIG-ID|CISC-ND-000120

STIG-Legacy|SV-110377

STIG-Legacy|V-101273

Vuln-ID|V-220574

CISC-ND-000140 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.

CCI|CCI-001368

Rule-ID|SV-220575r879533_rule

STIG-ID|CISC-ND-000140

STIG-Legacy|SV-110379

STIG-Legacy|V-101275

Vuln-ID|V-220575

CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.

CCI|CCI-000044

Rule-ID|SV-220576r879546_rule

STIG-ID|CISC-ND-000150

STIG-Legacy|SV-110381

STIG-Legacy|V-101277

Vuln-ID|V-220576

CISC-ND-000160 - The Cisco switch must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

CCI|CCI-000048

Rule-ID|SV-220577r879547_rule

STIG-ID|CISC-ND-000160

STIG-Legacy|SV-110383

STIG-Legacy|V-101279

Vuln-ID|V-220577

CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity.

CCI|CCI-000166

CCI|CCI-000172

CCI|CCI-002234

Rule-ID|SV-220578r879554_rule

STIG-ID|CISC-ND-000210

STIG-Legacy|SV-110385

STIG-Legacy|V-101281

Vuln-ID|V-220578

CISC-ND-000280 - The Cisco switch must produce audit records containing information to establish when (date and time) the events occurred.

CCI|CCI-000131

Rule-ID|SV-220580r879564_rule

STIG-ID|CISC-ND-000280

STIG-Legacy|SV-110389

STIG-Legacy|V-101285

Vuln-ID|V-220580

CISC-ND-000290 - The Cisco switch must produce audit records containing information to establish where the events occurred.

CCI|CCI-000132

Rule-ID|SV-220581r929020_rule

STIG-ID|CISC-ND-000290

STIG-Legacy|SV-110391

STIG-Legacy|V-101287

Vuln-ID|V-220581

CISC-ND-000330 - The Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands.

CCI|CCI-000135

Rule-ID|SV-220582r879569_rule

STIG-ID|CISC-ND-000330

STIG-Legacy|SV-110393

STIG-Legacy|V-101289

Vuln-ID|V-220582

CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification.

CCI|CCI-000163

Rule-ID|SV-220583r879577_rule

STIG-ID|CISC-ND-000380

STIG-Legacy|SV-110395

STIG-Legacy|V-101291

Vuln-ID|V-220583

CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion.

CCI|CCI-000164

Rule-ID|SV-220584r879578_rule

STIG-ID|CISC-ND-000390

STIG-Legacy|SV-110397

STIG-Legacy|V-101293

Vuln-ID|V-220584

CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.

CCI|CCI-001499

Rule-ID|SV-220585r879586_rule

STIG-ID|CISC-ND-000460

STIG-Legacy|SV-110399

STIG-Legacy|V-101295

Vuln-ID|V-220585

CISC-ND-000470 - The Cisco switch must be configured to prohibit the use of all unnecessary and non-secure functions and services.

CAT|I

CCI|CCI-000382

Rule-ID|SV-220586r892388_rule

STIG-ID|CISC-ND-000470

STIG-Legacy|SV-110401

STIG-Legacy|V-101297

Vuln-ID|V-220586

CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

CCI|CCI-001358

CCI|CCI-002111

Rule-ID|SV-220587r879589_rule

STIG-ID|CISC-ND-000490

STIG-Legacy|SV-110403

STIG-Legacy|V-101299

Vuln-ID|V-220587

CISC-ND-000550 - The Cisco switch must be configured to enforce a minimum 15-character password length.

CCI|CCI-000205

Rule-ID|SV-220589r879601_rule

STIG-ID|CISC-ND-000550

STIG-Legacy|SV-110407

STIG-Legacy|V-101303

Vuln-ID|V-220589

CISC-ND-000570 - The Cisco switch must be configured to enforce password complexity by requiring that at least one upper-case character be used.

CCI|CCI-000192

Rule-ID|SV-220590r879603_rule

STIG-ID|CISC-ND-000570

STIG-Legacy|SV-110409

STIG-Legacy|V-101305

Vuln-ID|V-220590

CISC-ND-000580 - The Cisco switch must be configured to enforce password complexity by requiring that at least one lower-case character be used.

CCI|CCI-000193

Rule-ID|SV-220591r879604_rule

STIG-ID|CISC-ND-000580

STIG-Legacy|SV-110411

STIG-Legacy|V-101307

Vuln-ID|V-220591

CISC-ND-000590 - The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used.

CCI|CCI-000194

Rule-ID|SV-220592r879605_rule

STIG-ID|CISC-ND-000590

STIG-Legacy|SV-110413

STIG-Legacy|V-101309

Vuln-ID|V-220592

CISC-ND-000600 - The Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.

CCI|CCI-001619

Rule-ID|SV-220593r879606_rule

STIG-ID|CISC-ND-000600

STIG-Legacy|SV-110415

STIG-Legacy|V-101311

Vuln-ID|V-220593

CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.

CCI|CCI-000195

Rule-ID|SV-220594r879607_rule

STIG-ID|CISC-ND-000610

STIG-Legacy|SV-110417

STIG-Legacy|V-101313

Vuln-ID|V-220594

CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords.

CCI|CCI-000196

Rule-ID|SV-220595r879608_rule

STIG-ID|CISC-ND-000620

STIG-Legacy|SV-110419

STIG-Legacy|V-101315

Vuln-ID|V-220595

CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity.

CCI|CCI-001133

Rule-ID|SV-220596r916342_rule

STIG-ID|CISC-ND-000720

STIG-Legacy|SV-110421

STIG-Legacy|V-101317

Vuln-ID|V-220596

CISC-ND-000880 - The Cisco switch must be configured to automatically audit account enabling actions.

CCI|CCI-002130

Rule-ID|SV-220597r879696_rule

STIG-ID|CISC-ND-000880

STIG-Legacy|SV-110423

STIG-Legacy|V-101319

Vuln-ID|V-220597

CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

CCI|CCI-001849

Rule-ID|SV-220599r879730_rule

STIG-ID|CISC-ND-000980

STIG-Legacy|SV-110427

STIG-Legacy|V-101323

Vuln-ID|V-220599

CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events.

Detections

Analytics

DISA STIG Cisco IOS Switch NDM v2r8

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

Miscellaneous

Added

Removed


Revision 1.2 May 28, 2024 Miscellaneous Audit deprecated. Metadata updated. References updated.
Revision 1.1 Apr 9, 2024 Functional Update CISC-ND-001370 - The Cisco switch must be configured to use at least two authentication servers to authenticate users prior to granting administrative access. Miscellaneous References updated. Variables updated. Added CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. CISC-ND-001220 - The Cisco switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. Removed CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based - NTP sources using authentication that is cryptographically based CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - HMAC to protect the integrity of remote maintenance sessions CISC-ND-001220 - The Cisco switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards - DoS attacks by employing organization-defined security safeguards