STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cisco IOS XE Router NDM Security Technical Implementation Guide

V-215822

CAT II (Medium)

The Cisco router must be configured to limit privileges to change the software resident within software libraries.

Rule ID

SV-215822r960960_rule

STIG

Cisco IOS XE Router NDM Security Technical Implementation Guide

Version

V3R7

CCIs

CCI-001499

Discussion

Changes to any software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the network device for implementing any changes or upgrades. If the network device were to enable non-authorized users to make changes to software libraries, those changes could be implemented without undergoing testing, validation, and approval.

Check Content

Verify that the router is not configured with a privilege level other than "15" to allow access to the file system as shown in the example below.

file privilege 10 

Note: The default privilege level required for access to the file system is "15"; hence, the command file privilege "15" will not be shown in the configuration.

If the router is configured with a privilege level other than "15" to allow access to the file system, this is a finding.

Fix Text

Configure the router to only allow administrators with privilege level "15" access to the file system as shown in the example below.

R4(config)#file privilege 15