STIGQter STIGQter: STIG Summary: Cisco IOS Switch NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.

DISA Rule

SV-220608r521267_rule

Vulnerability Number

V-220608

Group Title

SRG-APP-000412-NDM-000331

Rule Version

CISC-ND-001210

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the Cisco switch to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the example below:

SW1(config)#ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

Check Contents

Review the Cisco switch configuration to verify that it implements cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the example below:

ip ssh version 2
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

If the switch is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.

Vulnerability Number

V-220608

Documentable

False

Rule Version

CISC-ND-001210

Severity Override Guidance

Review the Cisco switch configuration to verify that it implements cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the example below:

ip ssh version 2
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

If the switch is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.

Check Content Reference

M

Target Key

4069

Comments