Check: CISR-ND-000026
Cisco IOS XE Release 3 NDM STIG:
CISR-ND-000026
(in versions v1 r5 through v1 r4)
Title
The Cisco IOS XE router must initiate session auditing upon startup. (Cat III impact)
Discussion
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check Content
Verify that logging is properly configured on the Cisco IOS XE router. The configuration will look similar to the example below:

```
logging userinfo
login on-failure log
login on-success log
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
```

If logging is not configured, this is a finding.
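The check above can also be run offline against a saved `show running-config`. The following is an added example, not part of the STIG; the function names, the constructed sample config, and the choice to treat each listed command as required (with the `logging size` value and `notify syslog` options allowed to vary) are assumptions.

```python
# Added example: offline check of a saved "show running-config" against this
# check's commands. Treating each listed command as required is an assumption.
REQUIRED = [
    ("logging userinfo",),
    ("login on-failure log",),
    ("login on-success log",),
    ("archive", "log config", "logging enable"),
    ("archive", "log config", "logging size"),
    ("archive", "log config", "notify syslog"),
    ("archive", "log config", "hidekeys"),
]

# Constructed sample: on-failure logging and hidekeys are absent.
SAMPLE_CONFIG = """\
logging userinfo
login on-success log
!
archive
 log config
  logging enable
  logging size 500
  notify syslog contenttype plaintext
"""

def config_paths(text):
    """Map each command to (parent, ..., command) using IOS indentation."""
    stack, paths = [], []
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, cmd))
        paths.append(tuple(c for _, c in stack))
    return paths

def _same(cmd, want):
    # Exact match, or the required words followed by further arguments.
    return cmd == want or cmd.startswith(want + " ")

def missing_commands(text):
    """Return required commands not found in their expected config context."""
    paths = config_paths(text)
    return [" / ".join(req) for req in REQUIRED
            if not any(len(p) == len(req) and all(map(_same, p, req)) for p in paths)]

if __name__ == "__main__":
    for item in missing_commands(SAMPLE_CONFIG):
        print("finding: missing", item)
```

Because commands are matched together with their parent context, a `logging enable` line that is not under `archive` / `log config` does not satisfy the check.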
Fix Text
Enter the following commands to enable auditing. The configuration will look similar to the example below:

```
logging userinfo
login on-failure log
login on-success log
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
```
Additional Identifiers
Rule ID: SV-88661r2_rule
Vulnerability ID: V-73987
Group Title: SRG-APP-000092-NDM-000224
CCIs
Number | Definition |
---|---|
CCI-001464 | The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) | System Start-Up |