CISC-ND-000460 – The Cisco router must be configured to limit privileges to change the software resident within software libraries.

Details

Changes to any software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the network device for implementing any changes or upgrades. If the network device were to enable non-authorized users to make changes to software libraries, those changes could be implemented without undergoing testing, validation, and approval.

Solution

Configure the router to only allow administrators with privilege level ’15’ access to the file system as shown in the example below.

R4(config)#file privilege 15

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS_Router_Y22M01_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco.

References

800-53|CM-5(6)
CAT|II
CCI|CCI-001499
Rule-ID|SV-215677r521266_rule
STIG-ID|CISC-ND-000460
STIG-Legacy|SV-105193
STIG-Legacy|V-96055
Vuln-ID|V-215677

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles