2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'

Information

Use this command to generate RSA key pairs for your Cisco device.

RSA keys are generated in pairs--one public RSA key and one private RSA key.

Rationale:

An RSA key pair is a prerequisite for setting up SSH and should be at least 2048 bits.

NOTE: IOS does NOT display the modulus bit value in the Audit Procedure.

Impact:

Organizations should plan and implement enterprise network cryptography and generate an appropriate RSA key pairs, such as 'modulus', greater than or equal to 2048.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Generate an RSA key pair for the router.

hostname(config)#crypto key generate rsa general-keys modulus <em>2048</em>

Default Value:

RSA key pairs do not exist.

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-18, 800-53|SC-23, CSCv7|4.5

Plugin: Cisco

Control ID: 9bd54261c32f9c446174e1fad10dee9c70eb5fc7808f49e3d95aadcd715e28ae