Check: CSCO-NM-000240
Cisco ISE NDM STIG:
CSCO-NM-000240
(in version v2 r3)
Title
The Cisco ISE must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC). (Cat II impact)
Discussion
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT).
Check Content
1. View the clock setting: show clock 2. Verify the clock is set to use UTC. If the Cisco ISE does not use UTC, this is a finding.
Fix Text
Change the clock to UTC using the CLI: clock timezone UTC Note: Sites may set the time zone to record time stamps in the local time zone (EDT) and then map to UTC.
Additional Identifiers
Rule ID: SV-242630r1167990_rule
Vulnerability ID: V-242630
Group Title: SRG-APP-000374-NDM-000299
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001890 |
Record time stamps for audit records that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp. |
Controls
| Number | Title |
|---|---|
| AU-8 |
Time Stamps |