Set ‘modulus’ to greater than or equal to 2048 for ‘crypto key generate rsa’

Details

Use this command to generate RSA key pairs for your Cisco device. RSA keys are generated in pairs–one public RSA key and one private RSA key.

NOTE: If performing an offline config audit this check may not show results.

Solution

Generate an RSA key pair for the router.
hostname(config)#crypto key generate rsa general-keys modulus 2048

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/508

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.

References

800-53|IA-2(1)

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles