1.4.4.2 Ensure 'aaa authorization exec' is configured correctly

Information

Limits the access to the privileged EXEC mode

Rationale:

When a user is placed in the privileged EXEC mode, valuable information can be obtained. The AAA authorization exec enforces the segregation of users rights so that only authorized users can get access to the privileged EXEC mode. Once this feature is enabled, the user rights are provided by the authentication servers mentioned in the AAA authentication console and AAA authentication enable schemes.

Solution

Run the following to enable the AAA authorization exec

hostname(config)# aaa authorization exec authentication-server

Default Value:

Not enabled

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Cisco

Control ID: 12e67d51b0e425845946406c1cd04eac47ef5f5a8dbb7db06d60033f1c086556