AAA Services used to authenticate privileged users for device management must be configured to connect to the management network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-204700 | SRG-APP-000516-AAA-000630 | SV-204700r961863_rule | CCI-000366 | medium |
| Description | ||||
| Using standardized authentication protocols such as RADIUS, TACACS+, and Kerberos, an authentication server provides centralized and robust authentication services for the management of network components. In order to control access to the servers as well as monitor traffic to them, the authentication servers should only be connected to the management network. | ||||
| STIG | Date | |||
| AAA Services Security Requirements Guide | 2024-12-04 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V2R2 · disa_xccdf · related
Details
Check Text (C-204700r961863_chk)
If AAA Services are not used for authentication of privileged users to AAA Services, this is not applicable.
Verify AAA Services are configured to connect to the management network. Confirm AAA Services are not dual-homed by physically inspecting the physical LAN connection.
If AAA Services are configured to connect to a non-management network, this is a finding.
Fix Text (F-4823r389382_fix)
Configure AAA Services used to authenticate privileged users for device management to connect to the management network.