The Cisco IOS XE router must generate audit records when successful/unsuccessful logon attempts occur.Īpplications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must. The Cisco IOS XE router must be configured to prohibit the use of all unnecessary or non-secure ports, protocols, or services. Time stamps generated by the application include date and time. Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. The Cisco IOS XE router must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. The Cisco IOS XE router must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an. The Cisco IOS XE router must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.
#CISCO IOS XE 16.6.1 PASSWORD#
Password length is one factor of several that helps to.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The Cisco IOS XE router must enforce a minimum 15-character password length.
Mandatory access control policies constrain what actions subjects can take with information obtained from data objects for which they have already been granted access, thus preventing the subjects. If the Cisco IOS XE router uses mandatory access control, the Cisco IOS XE router must enforce organization-defined mandatory access control policies over all subjects and objects. This provides assurance that the administrator has seen the. The banner must be acknowledged by the administrator prior to the device allowing the administrator access to the network device. The Cisco IOS XE router must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. The Cisco IOS XE router must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.ĭisplay of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is consistent with applicable federal laws. The Cisco IOS XE router must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.īy limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
If management information flow is not enforced based on approved. The Cisco IOS XE router must enforce approved authorizations for controlling the flow of management information within the router based on information flow control policies.Ī mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. Therefore, if account management functions are not automatically enforced, an attacker could gain. The Cisco IOS XE router must use an authentication server for the purpose of granting administrative access.Īll accounts used for access to the network device are privileged or system-level accounts. An account can be created on the device's local database for use in an emergency, such as when.
#CISCO IOS XE 16.6.1 FULL#
The Cisco IOS XE router must have a single local account that will only be used as an account of last resort with full access to the network device.Īuthentication for administrative (privileged level) access to the device is required at all times. Findings (MAC III - Administrative Sensitive) Finding ID
0 kommentar(er)
