1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15'

Information

Runs accounting for all commands at the specified privilege level.

Rationale:

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access for devices. Centralizing control improves consistency of access control, the services that may be accessed once authenticated and accountability by tracking services accessed. Additionally, centralizing access control simplifies and reduces administrative costs of account provisioning and de-provisioning, especially when managing a large number of devices. AAA Accounting provides a management and audit trail for user and administrative sessions through RADIUS or TACACS+.

Impact:

Enabling 'aaa accounting' for privileged commands records and sends activity to the accounting servers and enables organizations to monitor and analyze privileged activity.

Solution

Configure AAA accounting for commands.

hostname(config)#aaa accounting commands 15 {default | list-name | guarantee-first}
{start-stop | stop-only | none} {radius | group group-name}

Default Value:

AAA accounting is disabled.

Additional Information:

Valid privilege level entries are integers from 0 through 15.

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(2), 800-53|AC-6(5), CSCv7|5

Plugin: Cisco

Control ID: 289662233505fbe17e8547b1fd9e6d533a8404fe22d481ca56f588b284486a47