Ensure ‘aaa command authorization’ is configured correctly

Details

Defines the source of authorization for the commands entered by an administrator/user.

Rationale:

Requiring authorization for commands enforces separation of duties and provides least privilege access for specific job roles.

Solution

Run the following to set the remote TACACS+/RADIUS servers (server_group_name) as the source of authorization and the local database (LOCAL) as the fallback method if the remote servers are not available.

hostname(config)# aaa authorization command <server_group_name> LOCAL

This implies that, in the local database, each privilege level has its set of commands configured and its usernames associated in accordance with the privilege and command definitions on the remote servers.
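
One way to audit a saved running-config for this control, as an added example that is not part of the benchmark text. The sample configurations are constructed, and the group name TACACS_GRP and the function name audit_command_authorization are assumptions made for illustration.

```python
import re

# Constructed sample running-config excerpts (not from a real device).
COMPLIANT = """\
aaa-server TACACS_GRP protocol tacacs+
aaa-server TACACS_GRP (inside) host 192.0.2.10
username netadmin password ***** privilege 15
aaa authorization command TACACS_GRP LOCAL
"""
LOCAL_ONLY = """\
username netadmin password ***** privilege 15
aaa authorization command LOCAL
"""
NO_FALLBACK = """\
aaa-server TACACS_GRP protocol tacacs+
aaa authorization command TACACS_GRP
"""

AUTHZ = re.compile(r"^aaa authorization command\s+(.+)$", re.M)
GROUP = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)", re.M)
LOCAL_USER = re.compile(r"^username\s+\S+\s+.*\bprivilege\s+\d+", re.M)

def audit_command_authorization(config):
    """Return a list of findings; an empty list means the control passes."""
    findings = []
    match = AUTHZ.search(config)
    if not match:
        return ["no 'aaa authorization command' line: command authorization is off"]
    methods = match.group(1).split()
    groups = dict(GROUP.findall(config))  # group name -> protocol
    if methods == ["LOCAL"]:
        findings.append("LOCAL is the only source; no remote server group is named")
    else:
        if methods[0] not in groups:
            findings.append(f"server group '{methods[0]}' has no aaa-server definition")
        if methods[-1] != "LOCAL":
            findings.append("no LOCAL fallback after the server group")
    # The fallback is only usable if local accounts with privilege levels exist.
    if "LOCAL" in methods and not LOCAL_USER.search(config):
        findings.append("LOCAL is referenced but no local username with a privilege level exists")
    return findings
```
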

Supportive Information


This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Cisco.

Updated on July 16, 2022