Details
Authenticates users trying to access the Enable mode (privileged EXEC mode) through the ‘enable’ command.
Rationale:
By default, access to enable mode is controlled by a password. AAA provides a primary method for authenticating users (a username/password database stored on a TACACS+ or RADIUS server or group of servers) and then specifies a backup method (a locally stored username/password database). The backup method is used if the primary method’s database cannot be accessed by the networking device.
Solution
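Configure AAA authentication for enable access using the TACACS+ server group as the primary method and the local database as the backup method. In the command below, `<server-group_name>` is a placeholder for the name of your TACACS+ server group.
hostname(config)# aaa authentication enable console <server-group_name> LOCAL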
Default Value:
AAA authentication is disabled by default for enable mode.
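To check a saved configuration against this control, the following added example (not part of the original benchmark text) parses the text of a running configuration and reports whether enable authentication uses a TACACS+ server group with LOCAL as backup. The group name `TAC-ADMIN`, the function name and the sample configurations are constructed for illustration, and the script assumes the group is declared with an `aaa-server <name> protocol tacacs+` line.

```python
# Constructed sample configurations (not taken from a real device).
COMPLIANT = """\
aaa-server TAC-ADMIN protocol tacacs+
aaa-server TAC-ADMIN (inside) host 192.0.2.10
aaa authentication ssh console TAC-ADMIN LOCAL
aaa authentication enable console TAC-ADMIN LOCAL
"""
NO_FALLBACK = """\
aaa-server TAC-ADMIN protocol tacacs+
aaa authentication enable console TAC-ADMIN
"""
LOCAL_ONLY = "aaa authentication enable console LOCAL\n"
DEFAULT = "hostname asa01\nenable password ***** pbkdf2\n"
TRUNCATED = "aaa authentication enable console\n"


def audit_enable_aaa(config):
    """Return (compliant, reason) for the enable-mode AAA control."""
    groups = {}    # server group name -> protocol
    enable = None  # method list after 'aaa authentication enable console'
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 4 and tok[0] == "aaa-server" and tok[2] == "protocol":
            groups[tok[1]] = tok[3].lower()
        elif tok[:4] == ["aaa", "authentication", "enable", "console"]:
            enable = tok[4:]
    if enable is None:
        return False, "not configured: enable mode relies on the enable password"
    if not enable:
        return False, "command present but no authentication method listed"
    primary = enable[0]
    if primary.upper() == "LOCAL":
        return False, "LOCAL only: no TACACS+ server group as primary method"
    if primary not in groups:
        return False, f"server group {primary!r} has no aaa-server definition"
    if groups[primary] != "tacacs+":
        return False, f"server group {primary!r} uses {groups[primary]}, not tacacs+"
    if len(enable) < 2 or enable[1].upper() != "LOCAL":
        return False, "no LOCAL backup method after the server group"
    return True, f"{primary} (tacacs+) primary with LOCAL backup"


if __name__ == "__main__":
    for name in ("COMPLIANT", "NO_FALLBACK", "LOCAL_ONLY", "DEFAULT", "TRUNCATED"):
        print(name, audit_enable_aaa(globals()[name]))
```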
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Cisco.