CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.

An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.

Solution

Enable fips mode via the command 'fips mode enable'.

Note: The switch will require a reboot for fips mode to be enabled.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_NX-OS_Switch_Y24M04_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001941, Rule-ID|SV-220488r929031_rule, STIG-ID|CISC-ND-000530, STIG-Legacy|SV-110625, STIG-Legacy|V-101521, Vuln-ID|V-220488

Plugin: Cisco

Control ID: d18aa1a7bde3c6b4a642c7f1eba9df0b7e17786e8b2baedbd8f3b6ef32206e9a