Security Content Automation Protocol SCAP

CISCO IOS Example

XCCDF Benchmark: XCCDF Sample for Cisco IOS

XCCDF Sample for Cisco IOS

Status: draft (as of 2004-10-07)

Version: 0.12.1

Applies to:

  • Cisco IOS Routers version 11.x
  • Cisco IOS Routers version 12+

 

1. Introduction

Description

Legal Notice

2. Tailoring Values

2.1. Value: IOS - line exec timeout value

Description

2.2. Value: Logging level for buffered logging

Description

3. Rules

3.1. Group: Management Plane Rules

Dependencies

3.1.1. Rule: IOS 11 - no IP finger service

Remediation

3.1.2. Rule: IOS 12 - no IP finger service

Remediation

3.1.3. Rule: Require exec session timeout on admin sessions

Rationale

3.2. Group: Control Plane Rules

3.2.1. Rule: Disable tcp-small-servers

Remediation

3.2.2. Rule: Disable udp-small-servers

Remediation

3.2.3. Rule: Set the buffered logging level

Remediation

3.3. Group: Data Plane Level 1

3.3.1. Group: Routing Rules

4. Profiles

4.1. Profile: Sample Profile No. 1

Item Selections

Value Settings

Tailoring value adjustments explicitly set for this profile:

4.2. Profile: Sample Profile No. 2

5. References

  1. NSA Router Security Configuration Guide, Version 1.1b
  2. SANS Securing Cisco Routers Step-by-Step

Created December 07, 2016, Updated October 26, 2021