Title

The Cisco ACI must generate log records for a locally developed list of auditable events. (Cat II impact)

Discussion

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

Check Content

Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the "Contracts" section within the tenant. 2. View the existing contracts: Tenants >> {{your_tenant}} >> Contracts >> {{your_contract}} to verify that log is enabled for each filter. If log is not enabled for each filter, this is a finding.

Fix Text

Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the "Contracts" section within the tenant. 2. View the existing contracts: Tenants >> {{your_tenant}} >> Contracts >> {{your_contract}}. 3. Check the directive to enable log is for each filter.

Additional Identifiers

Rule ID: SV-271944r1168370_rule

Vulnerability ID: V-271944

Group Title: SRG-APP-000516-NDM-000334

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.