Ensure ‘SSL AES 256 encryption’ is set for HTTPS access

Details

Sets the SSL encryption algorithm to AES 256.

Rationale:

Given that the network may be prone to sniffing, the HTTP access to the security appliance must be secured with SSL or TLS protocols. A secure encryption algorithm must be used.

Solution

For version 8.x, run the following command to enable the AES 256 algorithm:

hostname(config)# ssl encryption aes256-sha1

For version 9.x, run the following command to enable the AES 256 algorithm:

hostname(config)# ssl cipher tlsv1 custom AES256-SHA
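
One way to check a saved running configuration for this setting offline. This is an added example, not part of the benchmark or of Cisco tooling; the function name, the sample configurations and the rule that a missing line counts as a failure are assumptions.

```python
import re

# Constructed sample configurations (not taken from a real device).
SAMPLE_9X_PASS = 'hostname fw01\nssl cipher tlsv1 custom "AES256-SHA"\n'
SAMPLE_9X_FAIL = 'hostname fw01\nssl cipher tlsv1 medium\n'
SAMPLE_8X_PASS = 'hostname fw02\nssl encryption aes256-sha1\n'
SAMPLE_8X_FAIL = 'hostname fw02\nssl encryption aes256-sha1 3des-sha1 rc4-md5\n'

SSL_8X = re.compile(r'^ssl encryption\s+(.+)$', re.I)
SSL_9X = re.compile(r'^ssl cipher tlsv1\s+(.+)$', re.I)  # tlsv1 only, as in the control


def audit_ssl_aes256(config_text):
    """Return (compliant, findings) for the AES 256 HTTPS access control."""
    findings, seen = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        m8, m9 = SSL_8X.match(line), SSL_9X.match(line)
        if m8:
            # 8.x: the command accepts a list; anything besides aes256-sha1 fails.
            seen = True
            extra = [a for a in m8.group(1).lower().split() if a != 'aes256-sha1']
            if extra:
                findings.append('8.x: other algorithms enabled: ' + ', '.join(extra))
        elif m9:
            # 9.x: expect "custom" followed by exactly one cipher, AES256-SHA.
            seen = True
            parts = m9.group(1).split(None, 1)
            ciphers = parts[1].strip('"').upper().split(':') if len(parts) == 2 else []
            if parts[0].lower() != 'custom' or ciphers != ['AES256-SHA']:
                findings.append('9.x: tlsv1 is not custom AES256-SHA: ' + line)
    if not seen:
        # Assumption: the control requires an explicit line, so absence fails.
        findings.append('no explicit ssl encryption / ssl cipher tlsv1 line found')
    return (not findings, findings)


if __name__ == '__main__':
    for name in ('SAMPLE_9X_PASS', 'SAMPLE_9X_FAIL', 'SAMPLE_8X_PASS', 'SAMPLE_8X_FAIL'):
        print(name, audit_ssl_aes256(globals()[name]))
```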

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Cisco.

Updated on July 16, 2022