CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - ip http max-connections

800-53|SC-5

CAT|II

CCI|CCI-000054

Rule-ID|SV-215807r531083_rule

STIG-ID|CISC-ND-000010

STIG-Legacy|SV-105327

STIG-Legacy|V-96189

Vuln-ID|V-215807

CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - session-limit

CISC-ND-000090 - The Cisco router must be configured to automatically audit account creation.

800-53|AU-12

CCI|CCI-000018

Rule-ID|SV-215808r531083_rule

STIG-ID|CISC-ND-000090

STIG-Legacy|SV-105335

STIG-Legacy|V-96197

Vuln-ID|V-215808

CISC-ND-000100 - The Cisco router must be configured to automatically audit account modification.

CCI|CCI-001403

Rule-ID|SV-215809r531083_rule

STIG-ID|CISC-ND-000100

STIG-Legacy|SV-105337

STIG-Legacy|V-96199

Vuln-ID|V-215809

CISC-ND-000110 - The Cisco router must be configured to automatically audit account disabling actions.

CCI|CCI-001404

Rule-ID|SV-215810r531083_rule

STIG-ID|CISC-ND-000110

STIG-Legacy|SV-105339

STIG-Legacy|V-96201

Vuln-ID|V-215810

CISC-ND-000120 - The Cisco router must be configured to automatically audit account removal actions.

CCI|CCI-001405

Rule-ID|SV-215811r531083_rule

STIG-ID|CISC-ND-000120

STIG-Legacy|SV-105341

STIG-Legacy|V-96203

Vuln-ID|V-215811

CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. - deny rule

800-53|AC-4

CCI|CCI-001368

Rule-ID|SV-215812r539421_rule

STIG-ID|CISC-ND-000140

STIG-Legacy|SV-105343

STIG-Legacy|V-96205

Vuln-ID|V-215812

CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. - line vty

CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.

800-53|AC-7

CCI|CCI-000044

Rule-ID|SV-215813r531083_rule

STIG-ID|CISC-ND-000150

STIG-Legacy|SV-105345

STIG-Legacy|V-96207

Vuln-ID|V-215813

CISC-ND-000160 - The Cisco router must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

800-53|AC-8

CCI|CCI-000048

Rule-ID|SV-215814r531083_rule

STIG-ID|CISC-ND-000160

STIG-Legacy|SV-105347

STIG-Legacy|V-96209

Vuln-ID|V-215814

CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging enable

CCI|CCI-000166

Rule-ID|SV-215815r531083_rule

STIG-ID|CISC-ND-000210

STIG-Legacy|SV-105355

STIG-Legacy|V-96217

Vuln-ID|V-215815

CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo

800-53|AU-10

CISC-ND-000250 - The Cisco router must be configured to generate audit records when successful/unsuccessful attempts to log on with access privileges occur.

CCI|CCI-000172

Rule-ID|SV-215816r531083_rule

STIG-ID|CISC-ND-000250

STIG-Legacy|SV-105359

STIG-Legacy|V-96221

Vuln-ID|V-215816

CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred.

CCI|CCI-000131

Rule-ID|SV-215817r531083_rule

STIG-ID|CISC-ND-000280

STIG-Legacy|SV-105361

STIG-Legacy|V-96223

Vuln-ID|V-215817

CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred.

CCI|CCI-000132

Rule-ID|SV-215818r531083_rule

STIG-ID|CISC-ND-000290

STIG-Legacy|SV-105363

STIG-Legacy|V-96225

Vuln-ID|V-215818

CISC-ND-000330 - The Cisco router must be configured to generate audit records containing the full-text recording of privileged commands.

CCI|CCI-000135

Rule-ID|SV-215819r531083_rule

STIG-ID|CISC-ND-000330

STIG-Legacy|SV-105365

STIG-Legacy|V-96227

Vuln-ID|V-215819

CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification.

800-53|AU-9

CCI|CCI-000163

Rule-ID|SV-215820r531083_rule

STIG-ID|CISC-ND-000380

STIG-Legacy|SV-105369

STIG-Legacy|V-96231

Vuln-ID|V-215820

CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion.

CCI|CCI-000164

Rule-ID|SV-215821r531083_rule

STIG-ID|CISC-ND-000390

STIG-Legacy|SV-105371

STIG-Legacy|V-96233

Vuln-ID|V-215821

CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.

CCI|CCI-001499

Rule-ID|SV-215822r531083_rule

STIG-ID|CISC-ND-000460

STIG-Legacy|SV-105375

STIG-Legacy|V-96237

Vuln-ID|V-215822

CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services.

800-53|CM-7

CAT|I

CCI|CCI-000382

Rule-ID|SV-215823r531083_rule

STIG-ID|CISC-ND-000470

STIG-Legacy|SV-105377

STIG-Legacy|V-96239

Vuln-ID|V-215823

CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

CCI|CCI-001358

CCI|CCI-002111

Rule-ID|SV-215824r531083_rule

STIG-ID|CISC-ND-000490

STIG-Legacy|SV-105381

STIG-Legacy|V-96243

Vuln-ID|V-215824

CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh algorithm

800-53|SC-13

CCI|CCI-001941

Rule-ID|SV-215825r531083_rule

STIG-ID|CISC-ND-000530

STIG-Legacy|SV-105387

STIG-Legacy|V-96249

Vuln-ID|V-215825

CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh version

CISC-ND-000550 - The Cisco router must be configured to enforce a minimum 15-character password length.

800-53|IA-5(1)

CCI|CCI-000205

Rule-ID|SV-215826r531083_rule

STIG-ID|CISC-ND-000550

STIG-Legacy|SV-105391

STIG-Legacy|V-96253

Vuln-ID|V-215826

CISC-ND-000570 - The Cisco router must be configured to enforce password complexity by requiring that at least one upper-case character be used.

CCI|CCI-000192

Rule-ID|SV-215827r531083_rule

STIG-ID|CISC-ND-000570

STIG-Legacy|SV-105393

STIG-Legacy|V-96255

Vuln-ID|V-215827

CISC-ND-000580 - The Cisco router must be configured to enforce password complexity by requiring that at least one lower-case character be used.

CCI|CCI-000193

Rule-ID|SV-215828r531083_rule

STIG-ID|CISC-ND-000580

STIG-Legacy|SV-105395

STIG-Legacy|V-96257

Vuln-ID|V-215828

CISC-ND-000590 - The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.

CCI|CCI-000194

Rule-ID|SV-215829r531083_rule

STIG-ID|CISC-ND-000590

STIG-Legacy|SV-105397

STIG-Legacy|V-96259

Vuln-ID|V-215829

CISC-ND-000600 - The Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.

CCI|CCI-001619

Rule-ID|SV-215830r531083_rule

STIG-ID|CISC-ND-000600

STIG-Legacy|SV-105399

STIG-Legacy|V-96261

Vuln-ID|V-215830

CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.

CCI|CCI-000195

Rule-ID|SV-215831r531083_rule

STIG-ID|CISC-ND-000610

STIG-Legacy|SV-105401

STIG-Legacy|V-96263

Vuln-ID|V-215831

CISC-ND-000620 - The Cisco router must only store cryptographic representations of passwords.

Detections

Analytics

DISA STIG Cisco IOS XE Router NDM v2r1

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.3

Miscellaneous

Revision 1.2

Functional Update

Miscellaneous

Revision 1.1

Functional Update

Miscellaneous