Check: CASA-ND-001260
Cisco ASA NDM STIG:
CASA-ND-001260
(in versions v1 r6 through v1 r1)
Title
The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
Check Content
Review the Cisco ASA configuration to verify it is compliant with this requirement as shown in the example below.

logging trap notifications
logging host NDM_INTERFACE 10.1.48.10 6/1514

Note: A logging list can be used as an alternative to the severity level.

If the Cisco ASA is not configured to offload log records onto a different system than the system being audited, this is a finding.
Fix Text
Configure the Cisco ASA to send log records to a syslog server as shown in the example below.

ASA(config)# logging host NDM_INTERFACE 10.1.48.10 6/1514
ASA(config)# logging trap notifications
ASA(config)# end
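The check above can be automated against an exported running-config. The following is an added example, not part of the STIG or of any Cisco tooling: it parses the `logging host` and `logging trap` lines the check content describes, accepts either a severity keyword or a defined `logging list` name as the trap selector (the note's alternative), and reports a finding when no remote syslog host or no valid trap selector is present. The sample configuration is constructed; the protocol number 6 is mapped to TCP and the port defaults to 514 when omitted.

```python
import re

# Constructed ASA running-config excerpt (not from the STIG page). It uses a logging
# list instead of a severity keyword to exercise the note in the check content.
SAMPLE_CONFIG = """\
hostname ASA
logging enable
logging list AUDIT_EVENTS level notifications
logging trap AUDIT_EVENTS
logging host NDM_INTERFACE 10.1.48.10 6/1514
"""

# Severity keywords accepted by "logging trap" when a logging list is not used.
SEVERITIES = {"emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"}

HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?: (\S+)/(\d+))?$")
TRAP_RE = re.compile(r"^logging trap (\S+)$")
LIST_RE = re.compile(r"^logging list (\S+) ")


def assess_casa_nd_001260(config: str) -> dict:
    """Evaluate CASA-ND-001260: return syslog hosts, trap selector and finding status."""
    hosts, lists, trap = [], set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := HOST_RE.match(line):
            iface, addr, proto, port = m.groups()
            hosts.append({
                "interface": iface,
                "address": addr,
                # Protocol number 6 (or the keyword tcp) means TCP; anything else is UDP.
                "protocol": "tcp" if proto in ("6", "tcp") else "udp",
                # Syslog defaults to port 514 when no port is given on the line.
                "port": int(port) if port else 514,
            })
        elif m := LIST_RE.match(line):
            lists.add(m.group(1))
        elif m := TRAP_RE.match(line):
            trap = m.group(1)
    # The trap selector is valid if it is a severity keyword or a defined logging list.
    trap_ok = trap is not None and (trap in SEVERITIES or trap in lists)
    # A finding: no remote syslog host, or trap logging not enabled with a valid selector.
    finding = not hosts or not trap_ok
    return {"hosts": hosts, "trap": trap, "trap_ok": trap_ok, "finding": finding}
```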
Additional Identifiers
Rule ID: SV-239939r879886_rule
Vulnerability ID: V-239939
Group Title: SRG-APP-000515-NDM-000325
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001851 | The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) | Transfer To Alternate Storage |