
The network element’s running configuration must be synchronized with the startup configuration after changes have been made and implemented.


Overview

Finding ID: V-3072
Version: NET1030
Rule ID: SV-3072r2_rule
IA Controls: COBR-1, ECSC-1
Severity: Low
Description
If the running and startup router configurations are not synchronized properly and a router malfunctions, it will not restart with all of the recent changes incorporated. If the recent changes were security related, then the routers would be vulnerable to attack.
STIG: IPSec VPN Gateway Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text ( C-3636r5_chk )
IOS Procedure: With online editing, the "show running-config" command shows only the current running configuration settings that differ from the IOS defaults. The "show startup-config" command shows the startup configuration stored in NVRAM. Compare the two configurations to ensure they are synchronized.
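
One way to automate the IOS comparison above once both command outputs have been captured as text. This is an added example, not part of the STIG: the function names, the list of volatile lines and the sample captures are assumptions constructed for illustration. Each sub-command is reported together with the block it belongs to.

```python
import difflib
import re

# Lines that differ without any operator edit (assumed list from typical IOS
# output; extend it for the platform being audited).
VOLATILE = re.compile(
    r"(Building configuration\.\.\.|Current configuration\s*:\s*\d+ bytes"
    r"|Using \d+ out of \d+ bytes.*|!.*|ntp clock-period \d+)$")

def normalize(text):
    """Return [(section, command)], skipping volatile lines and '!' separators."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or VOLATILE.match(line.strip()):
            continue
        if line[0].isspace():          # sub-command of the current block
            entries.append((section, line.strip()))
        else:                          # new top-level command or block header
            section = line
            entries.append(("", line))
    return entries

def unsaved_changes(running, startup):
    """Return (only_in_running, only_in_startup); both empty means synchronized."""
    run, start = normalize(running), normalize(startup)
    only_running, only_startup = [], []
    matcher = difflib.SequenceMatcher(a=start, b=run, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            only_startup += start[i1:i2]
        if tag in ("replace", "insert"):
            only_running += run[j1:j2]
    return only_running, only_startup

# Constructed sample captures, not taken from a real device.
SAMPLE_RUNNING = """Building configuration...
Current configuration : 1190 bytes
!
hostname vpn-gw1
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
end
"""
SAMPLE_STARTUP = """Using 1102 out of 262136 bytes
hostname vpn-gw1
interface GigabitEthernet0/0
end
"""
```

With the sample captures, `unsaved_changes(SAMPLE_RUNNING, SAMPLE_STARTUP)` reports the access-group binding on GigabitEthernet0/0 as present only in the running configuration, meaning it would be lost on restart.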


JUNOS Procedure: This will never be a finding. The active configuration is stored on flash as juniper.conf. A candidate configuration allows configuration changes while in configuration mode without initiating operational changes. The router implements the candidate configuration when it is committed, making it the new active configuration. At that time it is stored on flash as juniper.conf, and the old juniper.conf becomes juniper.conf.1.
Fix Text (F-3097r4_fix)
Add procedures to the standard operating procedure to keep the running configuration synchronized with the startup configuration.