Skip to content
Log In

Cisco NX OS Switch NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur.

    System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execu...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000344

    Group
    Show

  • SRG-APP-000516-NDM-000350

    Group
    Show

  • SRG-APP-000516-NDM-000351

    Group
    Show

  • The Cisco switch must be running an IOS release that is currently supported by Cisco Systems.

    Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilities. Running a supported release also enables o...
    Rule High Severity
    Show

  • SRG-APP-000435-NDM-000315

    Group
    Show

  • The Cisco switch must be configured to automatically audit account creation.

    Upon gaining access to a network device, an attacker will often first attempt to create a persistent method of reestablishing access. One way to accomplish this is to create a new account. Notifica...
    Rule Medium Severity
    Show

  • The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.

    A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If management information flow is not enforced based on approved autho...
    Rule Medium Severity
    Show

  • The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation.

    This requirement supports non-repudiation of actions taken by an administrator and is required in order to maintain the integrity of the configuration management process. All configuration changes ...
    Rule Medium Severity
    Show

  • The Cisco switch must be configured to prohibit the use of all unnecessary and nonsecure functions and services.

    Network devices are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational op...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules