STIGQter: STIG Summary: Cisco IOS Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 26 Apr 2021:

The Cisco router must only store cryptographic representations of passwords.

DISA Rule

SV-215687r521266_rule

Vulnerability Number

V-215687

Group Title

SRG-APP-000171-NDM-000258

Rule Version

CISC-ND-000620

Severity

CAT I

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure the router to encrypt all passwords.

R4(config)#service password-encryption
R4(config)#end

Check Contents

Review the router configuration to determine if passwords are encrypted as shown in the example below.

service password-encryption

If the router is not configured to encrypt passwords, this is a finding.

Vulnerability Number

V-215687

Documentable

False

Rule Version

CISC-ND-000620

Severity Override Guidance

Review the router configuration to determine if passwords are encrypted as shown in the example below.

service password-encryption

If the router is not configured to encrypt passwords, this is a finding.

Check Content Reference

M

Target Key

4014

Comments