Skip to content
Log In

Cisco IOS Router NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000119-NDM-000236

    Group
    Show

  • The Cisco router must be configured to protect audit information from unauthorized modification.

    Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit network device activity. If audit data were to become compromised, ...
    Rule Medium Severity
    Show

  • SRG-APP-000120-NDM-000237

    Group
    Show

  • The Cisco router must be configured to protect audit information from unauthorized deletion.

    Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. If audit data were to become compromis...
    Rule Medium Severity
    Show

  • SRG-APP-000133-NDM-000244

    Group
    Show

  • SRG-APP-000142-NDM-000245

    Group
    Show

  • SRG-APP-000148-NDM-000346

    Group
    Show

  • The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

    Authentication for administrative (privileged level) access to the device is required at all times. An account can be created on the device's local database for use when the authentication server i...
    Rule Medium Severity
    Show

  • SRG-APP-000164-NDM-000252

    Group
    Show

  • SRG-APP-000166-NDM-000254

    Group
    Show

  • The Cisco router must be configured to enforce password complexity by requiring that at least one uppercase character be used.

    Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...
    Rule Medium Severity
    Show

  • SRG-APP-000167-NDM-000255

    Group
    Show

  • The Cisco router must be configured to enforce password complexity by requiring that at least one lowercase character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000168-NDM-000256

    Group
    Show

  • The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000169-NDM-000257

    Group
    Show

  • SRG-APP-000170-NDM-000329

    Group
    Show

  • The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.

    If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at ...
    Rule Medium Severity
    Show

  • SRG-APP-000171-NDM-000258

    Group
    Show

  • The Cisco router must only store cryptographic representations of passwords.

    Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily c...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules