STIGQter: STIG Summary: Cisco NX-OS Switch NDM Security Technical Implementation Guide, Version 2, Release 2, Benchmark Date: 23 Apr 2021

The Cisco switch must be configured to prohibit the use of all unnecessary and nonsecure functions and services.

DISA Rule

SV-220486r604141_rule

Vulnerability Number

V-220486

Group Title

SRG-APP-000142-NDM-000245

Rule Version

CISC-ND-000470

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Disable features that should not be enabled unless required for operations.

SW2(config)# no feature telnet
SW2(config)# no feature dhcp
SW2(config)# no feature wccp
SW2(config)# no feature nxapi
SW2(config)# no feature imp

Note: Telnet must always be disabled.

Check Contents

Verify that the switch does not have any unnecessary or non-secure ports, protocols, and services enabled. For example, of the following features, telnet must never be enabled, while the others should be enabled only if required for operations.

feature telnet
feature dhcp
feature wccp
feature nxapi
feature imp

If any unnecessary or non-secure ports, protocols, or services are enabled, this is a finding.
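The check above amounts to reading the running configuration for `feature` lines and deciding, per feature, whether it is prohibited outright (telnet) or merely needs documented operational justification. The following audit script is an added example, not part of the STIG text or of STIGQter; it assumes the configuration was exported with `show running-config` and that the operator supplies the set of features approved as required for operations. The sample configuration embedded in it is constructed for illustration.

```python
"""Audit an exported NX-OS running-config against CISC-ND-000470.

Added example (not STIG or STIGQter code). Assumes the input is the text
of `show running-config`; `approved` is the operator-maintained set of
features documented as required for operations (an assumption of this
script, not something the STIG defines).
"""
import re

# Features named in the STIG check. Telnet is never permitted; the rest are
# findings unless documented as required for operations.
NEVER_ALLOWED = {"telnet"}
REVIEW_REQUIRED = {"dhcp", "wccp", "nxapi", "imp"}

# Matches "feature <name>" and "no feature <name>" lines.
FEATURE_RE = re.compile(r"^\s*(no\s+)?feature\s+(\S+)\s*$")

# Constructed sample config: telnet and nxapi enabled, dhcp enabled then
# disabled again, plus two features outside the STIG's list.
SAMPLE_CONFIG = """\
!Command: show running-config
hostname SW2
feature telnet
feature nxapi
feature interface-vlan
feature dhcp
no feature dhcp
feature lacp
"""


def enabled_features(config_text):
    """Return the set of features the config leaves enabled.

    A later `no feature X` line overrides an earlier `feature X` line,
    mirroring the top-to-bottom order in which NX-OS applies the config.
    """
    enabled = set()
    for line in config_text.splitlines():
        m = FEATURE_RE.match(line)
        if not m:
            continue
        negated, name = m.group(1), m.group(2).lower()
        if negated:
            enabled.discard(name)
        else:
            enabled.add(name)
    return enabled


def audit(config_text, approved=frozenset()):
    """Classify enabled features into findings, approved, and unlisted."""
    enabled = enabled_features(config_text)
    approved = set(approved)
    findings = sorted(enabled & NEVER_ALLOWED)            # telnet: always a finding
    findings += sorted((enabled & REVIEW_REQUIRED) - approved)
    return {
        "findings": findings,
        "approved": sorted(enabled & REVIEW_REQUIRED & approved),
        "other": sorted(enabled - NEVER_ALLOWED - REVIEW_REQUIRED),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, approved={"nxapi"})
    for key in ("findings", "approved", "other"):
        print(f"{key}: {', '.join(report[key]) or '(none)'}")
```

Features the STIG does not list (`interface-vlan`, `lacp` in the sample) are reported separately so the reviewer can still ask whether each is needed; the script does not decide that for them. Run it against a real export by reading the file into a string and passing it to `audit` with the site's approved set.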

Vulnerability Number

V-220486

Documentable

False

Rule Version

CISC-ND-000470

Severity Override Guidance

Verify that the switch does not have any unnecessary or non-secure ports, protocols, and services enabled. For example, of the following features, telnet must never be enabled, while the others should be enabled only if required for operations.

feature telnet
feature dhcp
feature wccp
feature nxapi
feature imp

If any unnecessary or non-secure ports, protocols, or services are enabled, this is a finding.

Check Content Reference

M

Target Key

4066

Comments