2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'

Information

Use this command to generate RSA key pairs for your Cisco device.

RSA keys are generated in pairs--one public RSA key and one private RSA key.

An RSA key pair is a prerequisite for setting up SSH and should be at least 2048 bits.

NOTE: IOS does NOT display the modulus bit value in the Audit Procedure.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
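Because the audit output does not show the modulus size, it can be recovered from the public key dump instead. The Python check below is an added example, not part of the benchmark or of Nessus. It assumes the hex block under `Key Data:` in `show crypto key mypubkey rsa` output is a DER-encoded SubjectPublicKeyInfo; the function names and the sample generator are hypothetical.

```python
import re

RSA_ALG_ID = bytes.fromhex("300D06092A864886F70D0101010500")  # rsaEncryption OID + NULL

def _tlv(buf, pos):
    """Decode one DER element at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the modulus in a DER SubjectPublicKeyInfo (assumed format)."""
    _, start, _ = _tlv(spki, 0)                   # outer SEQUENCE
    _, _, alg_end = _tlv(spki, start)             # AlgorithmIdentifier
    tag, bits_start, _ = _tlv(spki, alg_end)      # BIT STRING wrapping the key
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo BIT STRING")
    _, seq_start, _ = _tlv(spki, bits_start + 1)  # skip unused-bits octet
    _, n_start, n_end = _tlv(spki, seq_start)     # first INTEGER is the modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def audit_key_sizes(show_output, min_bits=2048):
    """Map each 'Key name:' to (modulus_bits, meets_minimum); 2048 is this item's floor."""
    results = {}
    for block in re.split(r"(?m)^Key name:[ \t]*", show_output)[1:]:
        name, _, rest = block.partition("\n")
        hex_data = ""
        for line in rest.partition("Key Data:")[2].splitlines():
            compact = re.sub(r"\s", "", line)
            if re.fullmatch(r"[0-9A-Fa-f]+", compact):
                hex_data += compact
            elif hex_data:
                break  # first non-hex line ends this key's dump
        bits = rsa_modulus_bits(bytes.fromhex(hex_data)) if hex_data else 0
        results[name.strip()] = (bits, bits >= min_bits)
    return results

def _der(tag, value):
    size = (len(value).bit_length() + 7) // 8
    head = [len(value)] if len(value) < 0x80 else [0x80 | size, *len(value).to_bytes(size, "big")]
    return bytes([tag, *head]) + value

def constructed_output(name, bits):  # constructed sample: synthetic modulus, not a real key
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + key)).hex().upper()
    rows = [" ".join(re.findall(".{1,8}", spki[i:i + 64])) for i in range(0, len(spki), 64)]
    return f"Key name: {name}\n Key Data:\n  " + "\n  ".join(rows) + "\n"
```

A key with no parsable `Key Data:` block is reported as 0 bits and therefore non-compliant.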

Solution

Generate an RSA key pair for the router.

hostname(config)#crypto key generate rsa general-keys modulus 2048

Impact:

Organizations should plan and implement enterprise network cryptography and generate appropriate RSA key pairs, with a 'modulus' greater than or equal to 2048.

See Also

https://workbench.cisecurity.org/benchmarks/12917

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-15, CSCv7|18.5

Plugin: Cisco

Control ID: 99c519e19190a54d67bdf87b078d82ab8073ce5a1967104ce100f93b363634a3