Detections
Analytics

1.1.10 Set 'aaa accounting network'

Information

Runs accounting for all network-related service requests.

Rationale:

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access for devices. Centralizing control improves consistency of access control, the services that may be accessed once authenticated and accountability by tracking services accessed. Additionally, centralizing access control simplifies and reduces administrative costs of account provisioning and de-provisioning, especially when managing a large number of devices. AAA Accounting provides a management and audit trail for user and administrative sessions through RADIUS and TACACS+.

Solution

Configure AAA accounting for connections.

hostname(config)#aaa accounting network {default | list-name | guarantee-first}
{start-stop | stop-only | none} {radius | group group-name}

Impact:

Implementing aaa accounting network creates accounting records for a method list including ARA, PPP, SLIP, and NCPs sessions. Organizations should regular monitor these records for exceptions, remediate issues, and report findings.

Default Value:

AAA accounting is not enabled.

References:

http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA

See Also

https://workbench.cisecurity.org/files/2585

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12(1), CSCv7|6

Plugin: Cisco

Control ID: 5c46513d00fa23adfef79c649153d7e3efea4c247348e8a2de133ce737c6e4ff