STIGQter: STIG Summary: Cisco IOS Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 26 Apr 2021: STIGQter: STIG Summary: Cisco IOS Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 26 Apr 2021:SV-215700r521266_rule
V-215700
SRG-APP-000412-NDM-000331
CISC-ND-001210
CAT I
10
Configure the Cisco router to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the examples below.
SSH Example
R1(config)#ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
HTTPS Example
R2(config)#ip http secure-ciphersuite aes-128-cbc-sha
Review the Cisco router configuration to verify that it is compliant with this requirement.
SSH Example
ip ssh version 2
ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
HTTPS Example
ip http secure-server
ip http secure-ciphersuite aes-128-cbc-sha
ip http secure-client-auth
ip http secure-trustpoint CA_XXX
If the router is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.
V-215700
False
CISC-ND-001210
Review the Cisco router configuration to verify that it is compliant with this requirement.
SSH Example
ip ssh version 2
ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
HTTPS Example
ip http secure-server
ip http secure-ciphersuite aes-128-cbc-sha
ip http secure-client-auth
ip http secure-trustpoint CA_XXX
If the router is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.
M
4014