Detections
Analytics
CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
Solution
Enable fips mode via the command 'fips mode enable'.Note: The switch will require a reboot for fips mode to be enabled.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_NX-OS_Switch_Y23M10_STIG.zip
Item Details
Audit Name: DISA STIG Cisco NX-OS Switch NDM v2r6
References: CAT|II, CCI|CCI-001941, Rule-ID|SV-220488r929031_rule, STIG-ID|CISC-ND-000530, STIG-Legacy|SV-110625, STIG-Legacy|V-101521, Vuln-ID|V-220488
Plugin: Cisco
Control ID: d18aa1a7bde3c6b4a642c7f1eba9df0b7e17786e8b2baedbd8f3b6ef32206e9a