STIGQter: STIG Summary: Cisco IOS XE Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must only store cryptographic representations of passwords.

DISA Rule

SV-215832r531083_rule

Vulnerability Number

V-215832

Group Title

SRG-APP-000171-NDM-000258

Rule Version

CISC-ND-000620

Severity

CAT I

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure the router to encrypt all passwords.

R4(config)#service password-encryption
R4(config)#end

Check Contents

Review the router configuration to determine if passwords are encrypted as shown in the example below.

service password-encryption

If the router is not configured to encrypt passwords, this is a finding.

Vulnerability Number

V-215832

Documentable

False

Rule Version

CISC-ND-000620

Severity Override Guidance

Review the router configuration to determine if passwords are encrypted as shown in the example below.

service password-encryption

If the router is not configured to encrypt passwords, this is a finding.

Check Content Reference

M

Target Key

4020

Comments