| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-215824 | CAT II | MONTPOINTGTWYRTR | Cisco IOS XE Router NDM Security Technic... | The Cisco router must be configured with only one ... | - | |||
Check TextStep 1: Review the Cisco router configuration to verify that a local account for last resort has been configured. username xxxxxxxxxxx privilege nn common-criteria-policy PASSWORD_POLICY password xxxxxxxxxx Note: The configured Common Criteria policy must be used when creating or changing the local account password as shown in the example above. Step 2: Verify that local is defined after radius or tacas+ in the authentication order as shown in the example below. aaa authentication login default group tacacs+ local If the Cisco router is not configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable, this is a finding. Fix TextStep 1: Configure a local account as shown in the example below. R2(config)#username xxxxxxxxx privilege nn secret xxxxxxx Step 2: Configure the authentication order to use the local account if the authentication server is not reachable as shown in the following example: R2(config)#aaa authentication login default group tacacs+ local Finding DetailsEvaluate-STIG 1.2507.5 (Scan-CiscoXERouterNDM_Checks) found this to be OPEN on 10/23/2025 ResultHash: F317A8608580E65A7FD848FF078AE7B20D6F8440 ~~~~~ Accounts username emer-access privilege 0 secret 9 <pwd removed> Verify that a local account for last resort has been configured with a privilege level that will enable the administrator to troubleshoot connectivity to the authentication server. AAA Login Method: aaa authentication login default group ISE group AR21-Radius local
Source: _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl
Scan Date: 2026-01-14T12:57:25.013310
Technology Area: Internal Network
|
||||||||