STIGQter: STIG Summary: Cisco IOS XE Switch NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.

DISA Rule

SV-220556r531084_rule

Vulnerability Number

V-220556

Group Title

SRG-APP-000412-NDM-000331

Rule Version

CISC-ND-001210

Severity

CAT I

CCI(s)

• CCI-003123 - The information system implements cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

Weight

10

Fix Recommendation

Configure the Cisco switch to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the example below:

SW1(config)#iip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

Check Contents

Review the Cisco switch configuration to verify that it is compliant with this requirement.

ip ssh version 2
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

If the switch is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.

Vulnerability Number

V-220556

Documentable

False

Rule Version

CISC-ND-001210

Severity Override Guidance

Review the Cisco switch configuration to verify that it is compliant with this requirement.

ip ssh version 2
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

If the switch is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.

Check Content Reference

M

Target Key

4067

Comments