Check: CSCO-NC-000190
Cisco ISE NAC STIG:
CSCO-NC-000190
(in versions v2 r1 through v1 r3)
Title
The Cisco ISE must off-load log records onto a different system. This is required for compliance with C2C Step 1. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management).
Check Content
If DoD is not at C2C Step 1 or higher, this is not a finding. Navigate to Administration >> System >> Backup and Restore. Ensure that operational data backups are scheduled. If operational backups are not scheduled, this is a finding.
Fix Text
From the Web Admin portal: 1. Navigate to Administration >> System >> Backup and Restore. 2. Select the "Schedule" option next to Operational Data Backup. 3. Configure operational data backup at a desired frequency.
Additional Identifiers
Rule ID: SV-242593r855854_rule
Vulnerability ID: V-242593
Group Title: SRG-NET-000334-NAC-001350
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001851 |
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
| Number | Title |
|---|---|
| AU-4(1) |
Transfer to Alternate Storage |