
The IAO will ensure all AAA authentication services are configured to use two-factor authentication.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25894 | NET0431 | SV-32516r1_rule | | Low |
Description
AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server. Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage. Without AAA, unauthorized users may gain access and possibly control of the routers. If the router network is compromised, large portions of the network could be incapacitated with only a few commands.
STIG Date
Network Devices Security Technical Implementation Guide 2018-11-27

Details

Check Text (C-32825r1_chk)
Have the administrator discuss their implementation. In a typical AAA process, the device being authenticated to directs the authentication request either directly to a 2-factor server (i.e. ACE) or to an AAA server via RADIUS or TACACS+, which redirects the 'authentication' request to the 2-factor server. Ask the administrator to demonstrate the implementation.
Fix Text (F-28936r1_fix)
The IAO will implement a 2-factor authentication solution for granting administrative access to all network elements.