STIGQter: STIG Summary: Cisco IOS XR Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number.

DISA Rule

SV-216522r531088_rule

Vulnerability Number

V-216522

Group Title

SRG-APP-000001-NDM-000200

Rule Version

CISC-ND-000010

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Configure the router to limit the number of concurrent management sessions to an organization-defined number as shown in the example below.

RP/0/0/CPU0:R3(config)#ssh server session-limit 2

Check Contents

Note: This requirement is not applicable to file transfer actions such as FTP, SCP and SFTP.

Review the router configuration to determine if concurrent management sessions are limited as show in the example below:

ssh server session-limit 2

If the router is not configured to limit the number of concurrent management sessions, this is a finding.

Vulnerability Number

V-216522

Documentable

False

Rule Version

CISC-ND-000010

Severity Override Guidance

Note: This requirement is not applicable to file transfer actions such as FTP, SCP and SFTP.

Review the router configuration to determine if concurrent management sessions are limited as show in the example below:

ssh server session-limit 2

If the router is not configured to limit the number of concurrent management sessions, this is a finding.

Check Content Reference

M

Target Key

4023

Comments