1.1.4.3 network accounting

Information

The router reports user activity to the TACACS+ or RADIUS security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access for devices. Centralizing control improves the consistency of access control and of the services that may be accessed once authenticated, and improves accountability by tracking the services accessed. Additionally, centralizing access control simplifies account provisioning and de-provisioning and reduces their administrative cost, especially when managing a large number of devices. AAA accounting provides a management and audit trail for user and administrative sessions through TACACS+.

Solution

Configure an accounting list that includes the TACACS+ or RADIUS server group that was defined in the prerequisites, or local, or both:

aaa accounting network default start-stop group {tacacs_group|radius_group}

Impact:

Enabling 'aaa accounting network' reports all network-related service requests, such as Internet Key Exchange (IKE) and Point-to-Point Protocol (PPP), to the accounting servers and enables organizations to monitor and analyze the activity.
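
One way to verify this setting offline, as an added example that is not part of the benchmark or the plugin: the function parses running-config text and passes only when the default network accounting list uses start-stop and names at least one server group, matching the command in the Solution above. The sample configurations and the group name TACACS_SERVERS are constructed, and the function name is hypothetical.

```python
import re

# Matches: aaa accounting network <list> <record-type> [broadcast] <methods...>
_LINE = re.compile(r"^aaa accounting network (\S+) (\S+)(?: broadcast)? ?(.*)$")


def audit_network_accounting(running_config):
    """Return (compliant, reason) for the 'default' network accounting list."""
    for raw in running_config.splitlines():
        m = _LINE.match(raw.strip())
        # Named lists do not satisfy the check; only 'default' is evaluated.
        if not m or m.group(1) != "default":
            continue
        record_type, methods = m.group(2), m.group(3).split()
        if record_type != "start-stop":
            return False, f"record type is '{record_type}', expected start-stop"
        # Collect every 'group <name>' pair in the method list.
        groups = [methods[i + 1] for i, tok in enumerate(methods[:-1])
                  if tok == "group"]
        if not groups:
            return False, "no server group in the method list"
        return True, "start-stop to group(s): " + ", ".join(groups)
    return False, "no 'aaa accounting network default' line found"


# Constructed sample configurations (not taken from a real device).
COMPLIANT = """\
hostname R1
aaa accounting network default start-stop group TACACS_SERVERS
"""
STOP_ONLY = "aaa accounting network default stop-only group TACACS_SERVERS\n"
NAMED_LIST_ONLY = "aaa accounting network VPN start-stop group TACACS_SERVERS\n"
DISABLED = "aaa accounting network default none\n"

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("stop-only", STOP_ONLY),
                      ("named list", NAMED_LIST_ONLY), ("disabled", DISABLED)]:
        ok, reason = audit_network_accounting(cfg)
        print(f"{name:12} {'PASS' if ok else 'FAIL'}  {reason}")
```
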

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2(1), 800-53|AU-2, 800-53|AU-7, 800-53|AU-12

Plugin: Cisco

Control ID: 23c321ea50e532b61fef4757b5203bdba2b0fdb4030236ed0fbfd679dcdb6864