1.1.1 Enable 'aaa new-model'

Information

This command enables the AAA access control system.

Authentication, authorization and accounting (AAA) services provide an authoritative source for managing and monitoring access for devices. Centralizing control improves consistency of access control, the services that may be accessed once authenticated and accountability by tracking services accessed. Additionally, centralizing access control simplifies and reduces administrative costs of account provisioning and de-provisioning, especially when managing a large number of devices.

Solution

Globally enable authentication, authorization and accounting (AAA) using the new-model command.

hostname(config)#aaa new-model

Impact:

Implementing Cisco AAA is significantly disruptive as former access methods are immediately disabled. Therefore, before implementing Cisco AAA, the organization should carefully review and plan their authentication criteria (logins & passwords, challenges & responses, and token technologies), authorization methods, and accounting requirements.

See Also

https://workbench.cisecurity.org/benchmarks/17130

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1), CSCv7|16.2

Plugin: Cisco

Control ID: 3e2124444fd74287eb94b5592fae638ba5160757ff9a7b1df19ad7b1150cb376