1.1.4.4 system accounting

Information

The router reports user activity to the TACACS+ or RADIUS security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access for devices. Centralizing control improves consistency of access control and of the services that may be accessed once authenticated, and improves accountability by tracking the services accessed. Additionally, centralizing access control simplifies account provisioning and de-provisioning and reduces its administrative costs, especially when managing a large number of devices. AAA accounting provides a management and audit trail for user and administrative sessions through TACACS+.

Solution

Configure an accounting list that includes the TACACS+ or RADIUS server group defined in the prerequisites, or local, or both:

aaa accounting system default start-stop group {tacacs_group|radius_group}

Impact:

Enabling 'aaa accounting system' records all system-related events to the accounting servers and enables organizations to monitor and analyze the activity.
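
An offline check for this setting, added here as an example and not part of the benchmark or the audit plugin: it scans running-config text for the accounting line from the Solution, confirms the start-stop record mode, and confirms that every named server group is actually defined. The sample configs and the group name TAC_ADMIN are constructed, and treating tacacs+ and radius as built-in group names is an assumption based on IOS syntax.

```python
import re

# Constructed sample configs (not taken from any real device).
COMPLIANT = """aaa new-model
aaa group server tacacs+ TAC_ADMIN
 server name tac1
aaa accounting system default start-stop group TAC_ADMIN
"""
STOP_ONLY = """aaa new-model
aaa accounting system default stop-only group tacacs+
"""
UNDEFINED_GROUP = """aaa new-model
aaa accounting system default start-stop group TAC_ADMIN
"""

# Assumption: these two names refer to all configured servers of that type.
BUILTIN_GROUPS = {"tacacs+", "radius"}
GROUP_DEF_RE = re.compile(r"^aaa group server (?:tacacs\+|radius) (\S+)$")
ACCT_PREFIX = "aaa accounting system default"


def check_system_accounting(config):
    """Return a list of findings; an empty list means the item passes."""
    lines = [line.strip() for line in config.splitlines()]
    defined = {m.group(1) for line in lines if (m := GROUP_DEF_RE.match(line))}
    acct = [line.split() for line in lines if line.startswith(ACCT_PREFIX)]
    if not acct:
        return [f"missing: {ACCT_PREFIX} start-stop group <group>"]
    findings = []
    for tok in acct:
        # tok[4] is the record mode (start-stop, stop-only, none).
        mode = tok[4] if len(tok) > 4 else "<absent>"
        if mode != "start-stop":
            findings.append(f"record mode is {mode}, expected start-stop")
        # Every token that follows the keyword 'group' is a server group name.
        groups = [tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "group"]
        if not groups:
            findings.append("method list names no server group")
        for name in groups:
            if name not in BUILTIN_GROUPS and name not in defined:
                findings.append(f"server group {name} is referenced but not defined")
    return findings


if __name__ == "__main__":
    for label, cfg in [("compliant", COMPLIANT), ("stop-only", STOP_ONLY),
                       ("undefined group", UNDEFINED_GROUP)]:
        print(label, "->", check_system_accounting(cfg) or "PASS")
```
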

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2(1), 800-53|AU-2, 800-53|AU-7, 800-53|AU-12

Plugin: Cisco

Control ID: 6ceb68ea6521fe7a83180f3bb626abfd7d964d53fd4de2843afaf8feb3c8126a