Computer Security Resource Center


Security Content Automation Protocol (SCAP)

CISCO IOS Example

XCCDF Benchmark: XCCDF Sample for Cisco IOS

XCCDF Sample for Cisco IOS

Status: draft (as of 2004-10-07)

Version: 0.12.1

Applies to:

  • Cisco IOS Routers version 11.x
  • Cisco IOS Routers version 12+

1. Introduction

Description

Legal Notice

2. Tailoring Values

2.1. Value: IOS - line exec timeout value

Description

2.2. Value: Logging level for buffered logging

Description

3. Rules

3.1. Group: Management Plane Rules

Dependencies

3.1.1. Rule: IOS 11 - no IP finger service

Remediation

3.1.2. Rule: IOS 12 - no IP finger service

Remediation

3.1.3. Rule: Require exec session timeout on admin sessions

Rationale

3.2. Group: Control Plane Rules

3.2.1. Rule: Disable tcp-small-servers

Remediation

3.2.2. Rule: Disable udp-small-servers

Remediation

3.2.3. Rule: Set the buffered logging level

Remediation

3.3. Group: Data Plane Level 1

3.3.1. Group: Routing Rules

4. Profiles

4.1. Profile: Sample Profile No. 1

Item Selections

Value Settings

Tailoring value adjustments explicitly set for this profile:

4.2. Profile: Sample Profile No. 2

5. References

  1. NSA Router Security Configuration Guide, Version 1.1b
  2. SANS Securing Cisco Routers Step-by-Step

Created December 07, 2016, Updated June 22, 2020