Details

Call home services or features will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. The risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack.

Solution

Configure the network device to disable the call home service or feature.

The command below will disable the call-home service on a Cisco device.
Example:
hostname(config)# no service call-home

Supportive Information

The following resource is also helpful.

• https://iasecontent.disa.mil/stigs/zip/U_Network_Firewall_V8R25_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco.

References

• 800-53|AC-6(10)
• CAT|II
• Rule-ID|SV-36774r4_rule
• STIG-ID|NET0405
• Vuln-ID|V-28784

Source

• Tenable.com/audits