An error occurred:

Check: CACI-ND-000029

Cisco ACI NDM STIG: CACI-ND-000029 (in version v1 r0.1)

Title

The Cisco ACI must generate log records for a locally developed list of auditable events. (Cat II impact)

Discussion

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

Check Content

Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the Contracts section within the tenant. 2. Within the filter directives, select "Log" to enable logging for permit or deny actions on that filter. If locally required events that require auditing are not set to log, this is a finding.

Fix Text

Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the "Contracts" section within the tenant. 2. Within the filter directives, verify the "Log" is enabled for permit or deny actions on that filter.

Additional Identifiers

Rule ID: SV-271944r1064343_rule

Vulnerability ID: V-271944

Group Title: SRG-APP-000516-NDM-000334

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000169

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-12

Audit Generation