Check: CISR-ND-000043
Cisco IOS XE Release 3 NDM STIG:
CISR-ND-000043
(in versions v1 r5 through v1 r4)
Title
The Cisco IOS XE router must off load audit records via syslog so the audit records can be backed up every seven days. (Cat III impact)
Discussion
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
Check Content
Verify that the Cisco IOS XE router is configured to use syslog. The configuration should look similar to the example below:

logging host 1.1.1.1

If syslog is not configured, this is a finding.
Fix Text
Configure the Cisco IOS XE router to use syslog. The configuration should look similar to the example below:

logging host 1.1.1.1
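The Check Content above can be automated against saved `show running-config` output. The script below is an added example, not part of the STIG; the function names and both sample configurations are constructed for illustration, and it assumes the config text is available offline as a string.

```python
import re

# Global-config syslog destination: "logging host <addr>", optionally with
# the "ipv6" keyword and a "vrf <name>" qualifier.
_LOGGING_HOST = re.compile(
    r"^logging host (?:ipv6 )?(?P<host>\S+)(?: vrf (?P<vrf>\S+))?",
    re.IGNORECASE,
)

def syslog_hosts(running_config):
    """Return every remote syslog destination found in the config text."""
    hosts = []
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # skip blanks and comment lines
            continue
        m = _LOGGING_HOST.match(line)
        if m:
            hosts.append({"host": m.group("host"), "vrf": m.group("vrf")})
    return hosts

def check_cisr_nd_000043(running_config):
    """Finding when no remote syslog host is configured."""
    hosts = syslog_hosts(running_config)
    return {"check": "CISR-ND-000043", "finding": not hosts, "hosts": hosts}

# Constructed sample: remote syslog configured (not a finding).
SAMPLE_COMPLIANT = """\
hostname R1
!
logging buffered 16384
logging host 1.1.1.1
logging host 192.0.2.10 vrf Mgmt-intf
"""

# Constructed sample: logs stay in the local buffer only (a finding),
# because nothing is sent to a separate system for backup.
SAMPLE_LOCAL_ONLY = """\
hostname R2
!
logging buffered 16384
logging trap informational
"""

if __name__ == "__main__":
    for name, cfg in (("R1", SAMPLE_COMPLIANT), ("R2", SAMPLE_LOCAL_ONLY)):
        print(name, check_cisr_nd_000043(cfg))
```

The second sample shows the case the check exists for: logging is enabled, but only locally, so the records would be lost along with the router.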
Additional Identifiers
Rule ID: SV-88679r2_rule
Vulnerability ID: V-74005
Group Title: SRG-APP-000125-NDM-000241
CCIs
Number | Definition |
---|---|
CCI-001348 | The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9 (2) | Audit Backup On Separate Physical Systems / Components |