Rule ID
SV-284529r1244935_rule
Version
V1R1
CCIs
Multifactor authentication (MFA) is required for all administrative and user accounts on network devices, except for an account of last resort and (where applicable) a root account. Passwords should only be used when MFA using public key infrastructure (PKI) is not available, and for the account of last resort and root account.
1. In the Web UI, navigate to System >> Configuration >> Inbound SSL Options. 2. Under "Allowed SSL and TLS Version", verify "Accept only TLS 1.2 (maximize security)" is selected. 3. Navigate to System >> Configuration >> Outbound SSL Options. 4. View the setting for "Allowed SSL and TLS Version". If "Accept only TLS 1.2 (maximize security)" is not checked, this is a finding.
1. In the Web UI, navigate to System >> Configuration >> Inbound SSL Options. 2. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)". 3. Click "Save Changes". 4. Click "Proceed" to accept the cipher change. 5. Navigate to System >> Configuration >> Outbound SSL Options. 6. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)". 7. Click "Save Changes". 8. Click "Proceed" to accept the cipher change.