UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO will ensure all AAA authentication services are configured to use two-factor authentication .


Overview

Finding ID Version Rule ID IA Controls Severity
V-25894 NET0431 SV-32516r1_rule Low
Description
AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server. Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage. Without AAA, unauthorized users may gain access and possibly control of the routers. If the router network is compromised, large portions of the network could be incapacitated with only a few commands.
STIG Date
Network Devices Security Technical Implementation Guide 2018-02-27

Details

Check Text ( C-32825r1_chk )
Have the administrator discuss their implementation. A typical AAA process includes the device being authenticated to direct authentication request directly to a 2-facor server (i.e. ACE) or to an AAA server via RADIUS or TACACS+ which redirects the 'authentication' request to the 2-facor server. Request the administrator to demonstrate the implementation.
Fix Text (F-28936r1_fix)
The IAO will implement a 2-factor authentication solution for granting administrative access to all network elements.