Details
Authenticates users who access privileged EXEC mode when they use the enable command.
Rationale:
Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA.
Impact:
Enabling Cisco AAA ‘authentication enable’ mode is significantly disruptive as former access methods are immediately disabled. Therefore, before enabling ‘aaa authentication enable default’ mode, the organization should plan and implement authentication logins and passwords, challenges and responses, and token technologies.
Solution
Configure AAA authentication method(s) for enable authentication.
hostname(config)#aaa authentication enable default {method1} enable
Default Value:
By default, fallback to the local database is disabled.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.