Check: CISR-ND-000128
Cisco IOS XE Release 3 NDM STIG:
CISR-ND-000128
(in versions v1 r5 through v1 r4)
Title
The Cisco IOS XE router must off-load audit records onto a different system or media than the system being audited. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
Check Content
Verify that the Cisco IOS XE router is configured to send logs to a syslog server. The configuration should look similar to the example below: logging host 1.1.1.1 If it is not configured to send logs to a syslog server, this is a finding.
Fix Text
Configure the Cisco IOS XE router to enable syslog. The configuration should look similar to the example below: logging host 1.1.1.1
Additional Identifiers
Rule ID: SV-88749r2_rule
Vulnerability ID: V-74075
Group Title: SRG-APP-000515-NDM-000325
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001851 |
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) |
Transfer To Alternate Storage |