Check: CISR-ND-000128
Cisco ISR 4000 Series NDM STIG:
CISR-ND-000128
(in version v1 r1)
Title
The Cisco ISR 4000 Series router must off-load audit records onto a different system or media than the system being audited. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
Check Content
Verify that the Cisco ISR 4000 Series router is configured to send logs to a syslog server. The configuration should look similar to the example below: logging host 1.1.1.1 If it is not configured to send logs to a syslog server, this is a finding.
Fix Text
Configure the Cisco ISR 4000 Series router to enable syslog. The configuration should look similar to the example below: logging host 1.1.1.1
Additional Identifiers
Rule ID:
Vulnerability ID: V-74075
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001851 |
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) |
Transfer To Alternate Storage |