Title

The Cisco ASA must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. (Cat II impact)

Discussion

Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the application include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks.

Check Content

Verify the ASA is configured to include the time on all log records as shown in the configuration example below. logging timestamp If time stamp is not configured, this is a finding.

Fix Text

Configure the ASA to include the time on all log records as shown in the example below. ASA(config)# logging timestamp

Additional Identifiers

Rule ID: SV-239925r879748_rule

Vulnerability ID: V-239925

Group Title: SRG-APP-000375-NDM-000300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.