SV-215845r531083_rule
V-215845
SRG-APP-000412-NDM-000331
CISC-ND-001210
CAT I
10
Configure the Cisco router to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the examples below.
SSH Example
R1(config)#ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
HTTPS Example
R2(config)#ip http secure-ciphersuite aes-128-cbc-sha
Review the Cisco router configuration to verify that it is compliant with this requirement.
SSH Example
ip ssh version 2
ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
HTTPS Example
ip http secure-server
ip http secure-ciphersuite aes-128-cbc-sha
ip http secure-client-auth
ip http secure-trustpoint CA_XXX
If the router is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.
V-215845
False
CISC-ND-001210
Review the Cisco router configuration to verify that it is compliant with this requirement.
SSH Example
ip ssh version 2
ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
HTTPS Example
ip http secure-server
ip http secure-ciphersuite aes-128-cbc-sha
ip http secure-client-auth
ip http secure-trustpoint CA_XXX
If the router is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.
M
4020