STIGQter: STIG Summary: Cisco IOS XE Switch NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Cisco switch must only store cryptographic representations of passwords.

DISA Rule

SV-220543r531084_rule

Vulnerability Number

V-220543

Group Title

SRG-APP-000171-NDM-000258

Rule Version

CISC-ND-000620

Severity

CAT I

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure the switch to encrypt all passwords:

SW4(config)#service password-encryption
SW4(config)#enable secret xxxxxxxxxxxx
SW4(config)#end

Check Contents

Review the switch configuration to determine if passwords are encrypted as shown in the example below:

service password-encryption
…
…
…
Enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx

If the switch is not configured to encrypt passwords, this is a finding.

Vulnerability Number

V-220543

Documentable

False

Rule Version

CISC-ND-000620

Severity Override Guidance

Review the switch configuration to determine if passwords are encrypted as shown in the example below:

service password-encryption
…
…
…
Enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx

If the switch is not configured to encrypt passwords, this is a finding.

Check Content Reference

M

Target Key

4067

Comments