RFC 3871           Operational Security Requirements      September 2004
             2.11.10. Logs Contain Records Of Security Events . . . . 54
             2.11.11. Logs Do Not Contain Passwords . . . . . . . . . 55
       2.12. Authentication, Authorization, and Accounting (AAA)
             Requirements . . . . . . . . . . . . . . . . . . . . . . 55
             2.12.1.  Authenticate All User Access. . . . . . . . . . 55
             2.12.2.  Support Authentication of Individual Users. . . 56
             2.12.3.  Support Simultaneous Connections. . . . . . . . 56
             2.12.4.  Ability to Disable All Local Accounts . . . . . 57
             2.12.5.  Support Centralized User Authentication
                      Methods . . . . . . . . . . . . . . . . . . . . 57
             2.12.6.  Support Local User Authentication Method. . . . 58
             2.12.7.  Support Configuration of Order of
                      Authentication Methods  . . . . . . . . . . . . 59
             2.12.8.  Ability To Authenticate Without Plaintext
                      Passwords . . . . . . . . . . . . . . . . . . . 59
             2.12.9.  No Default Passwords. . . . . . . . . . . . . . 60
             2.12.10. Passwords Must Be Explicitly Configured Prior
                      To Use. . . . . . . . . . . . . . . . . . . . . 60
             2.12.11. Ability to Define Privilege Levels. . . . . . . 61
             2.12.12. Ability to Assign Privilege Levels to Users . . 62
             2.12.13. Default Privilege Level Must Be 'None'. . . . . 62
             2.12.14. Change in Privilege Levels Requires
                      Re-Authentication . . . . . . . . . . . . . . . 63
             2.12.15. Support Recovery Of Privileged Access . . . . . 64
       2.13. Layer 2 Devices Must Meet Higher Layer Requirements. . . 65
       2.14. Security Features Must Not Cause Operational Problems. . 65
       2.15. Security Features Should Have Minimal Performance
             Impact . . . . . . . . . . . . . . . . . . . . . . . . . 66
   3.  Documentation Requirements . . . . . . . . . . . . . . . . . . 67
       3.1.  Identify Services That May Be Listening. . . . . . . . . 67
       3.2.  Document Service Defaults. . . . . . . . . . . . . . . . 67
       3.3.  Document Service Activation Process. . . . . . . . . . . 68
       3.4.  Document Command Line Interface. . . . . . . . . . . . . 68
       3.5.  'Console' Default Communication Profile Documented . . . 69
   4.  Assurance Requirements . . . . . . . . . . . . . . . . . . . . 69
       4.1.  Identify Origin of IP Stack. . . . . . . . . . . . . . . 70
       4.2.  Identify Origin of Operating System. . . . . . . . . . . 70
   5.  Security Considerations . .  . . . . . . . . . . . . . . . . . 71
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 71
       6.1.  Normative References . . . . . . . . . . . . . . . . . . 71
       6.2.  Informative References . . . . . . . . . . . . . . . . . 74
   Appendices
   A.  Requirement Profiles . . . . . . . . . . . . . . . . . . . . . 75
       A.1.  Minimum Requirements Profile . . . . . . . . . . . . . . 75
       A.2.  Layer 3 Network Edge Profile . . . . . . . . . . . . . . 78
   B.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 79
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 80
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 81
Jones                        Informational                      [Page 4]



