UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO will ensure the authentication server is configured to use tiered authorization groups for various levels of access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25895 NET0432 SV-32517r1_rule Low
Description
The foundation of a good security scheme in the network is the protection of the user interfaces of the networking devices from unauthorized access. Protecting access to the user interfaces on your network devices prevents unauthorized users from making configuration changes that can disrupt the stability of your network or compromise your network security.
STIG Date
Network Devices Security Technical Implementation Guide 2018-02-27

Details

Check Text ( C-32826r1_chk )
Review the AAA server implemented and determine if user profiles are members of a group. Determine if the groups have different privileges and the users are in the appropriate groups. In the following TACACS example the user (rtr-test) is a member of the group “rtr-basic”.

$/opt/ciscosecure/CLI/ViewProfile -p 9900 -u rtr_test
User Profile Information
user = rtr_test{
profile_id = 66
profile_cycle = 1
member = rtr_basic
password = des "********"
}


Below is an example of CiscoSecure TACACS+ server defining the privilege level.
user = junior-engineer1 {
password = clear "xxxxx"
service = shell {
set priv-lvl = 7
}
}
Fix Text (F-28937r1_fix)
The administrator will configure the authentication server with standard accounts and assign them to privilege levels that meet their job description