1.4.5.1 Ensure 'aaa accounting command' is configured correctly

Information

Enables accounting of administrative access by specifying that each command, or commands of a specified privilege level or higher, entered by an administrator/user is recorded and sent to the accounting server or servers.

Rationale:

The AAA accounting feature enables to track the actions performed by users and to store the data collected into AAA serves for further audit or further analysis. While the aaa accounting serial, ssh, telnet and enable commands collect and sent the accounting records related to the start and end of sessions done on each access type, the aaa accounting command provides the accounting records related to each command entered by the users during the session and whatever the privilege level of the user.

Solution

Run the following in order to record all the commands entered at all the privilege levels and to send them to the AAA servers

hostname(config)# aaa accounting command <server-group_name>

Default Value:

By default, AAA accounting for administrative access is disabled.

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|IA-5, CSCv7|11.3

Plugin: Cisco

Control ID: 34f351df1cbe3d1c19f3a1d60f24df50a3463c847cb9d3a605e15342ad9419d8