Check: CISR-ND-000026
Cisco ISR 4000 Series NDM STIG:
CISR-ND-000026
(in version v1 r1)
Title
The Cisco ISR 4000 Series router must initiate session auditing upon startup. (Cat III impact)
Discussion
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check Content
Verify that logging is properly configured on the Cisco ISR 4000 Series router. The configuration will look similar to the example below:

```
logging userinfo
login on-failure log
login on-success log
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
```

If logging is not configured, this is a finding.
Fix Text
Enter the following commands to enable auditing. The configuration will look similar to the example below:

```
logging userinfo
login on-failure log
login on-success log
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
```
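The check above is usually done by eye against `show running-config`. The script below is an added example, not part of the STIG or of any Cisco tooling, that automates it: it parses an IOS-XE running configuration into indentation-based paths (so that `hidekeys` is only accepted when it actually sits under `archive` / `log config`) and reports which of the expected statements are missing. The sample configurations and the hostname are constructed for illustration; the function names are hypothetical.

```python
"""Compliance check for CISR-ND-000026 session-auditing configuration.

Added example (not from the STIG): parses the text of `show running-config`
from a Cisco IOS-XE router and reports which expected logging statements
are absent. Sample configurations below are constructed for illustration.
"""
import re

# Expected statements, written as "/"-separated paths so that nested
# config-logger lines are only accepted under `archive` / `log config`.
# The `logging size 1000` value is the one the STIG example shows.
REQUIRED_PATHS = (
    "logging userinfo",
    "login on-failure log",
    "login on-success log",
    "archive / log config / logging enable",
    "archive / log config / logging size 1000",
    "archive / log config / notify syslog contenttype plaintext",
    "archive / log config / hidekeys",
)


def config_paths(config_text: str) -> set[str]:
    """Turn an IOS-style config into a set of full statement paths.

    IOS nests sub-mode lines by indentation, so a stack of
    (indent, statement) pairs recovers the hierarchy. Blank lines and
    `!` comment lines are ignored; runs of whitespace are normalised.
    """
    stack: list[tuple[int, str]] = []
    paths: set[str] = set()
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        stmt = re.sub(r"\s+", " ", raw.strip())
        # Leave every sub-mode that is at the same or deeper indent.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, stmt))
        paths.add(" / ".join(s for _, s in stack))
    return paths


def missing_statements(config_text: str) -> list[str]:
    """Return the required paths that the configuration does not contain."""
    present = config_paths(config_text)
    return [p for p in REQUIRED_PATHS if p not in present]


def is_compliant(config_text: str) -> bool:
    """True when every required statement is present (no finding)."""
    return not missing_statements(config_text)


# Constructed sample: all required statements present.
SAMPLE_COMPLIANT = """\
!
hostname ISR-LAB
!
logging userinfo
login on-failure log
login on-success log
!
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
!
end
"""

# Constructed sample: `login on-success log` omitted, and `hidekeys` placed
# at global level rather than under `archive` / `log config`.
SAMPLE_NONCOMPLIANT = """\
hostname ISR-LAB
logging userinfo
login on-failure log
hidekeys
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
end
"""

if __name__ == "__main__":
    for name, cfg in (("compliant", SAMPLE_COMPLIANT),
                      ("non-compliant", SAMPLE_NONCOMPLIANT)):
        gaps = missing_statements(cfg)
        print(f"{name}: {'no finding' if not gaps else 'FINDING'}")
        for path in gaps:
            print(f"  missing: {path}")
```

Feed it the saved output of `show running-config` (for example, read from a file pulled by your existing config-backup job) and treat any non-empty result from `missing_statements` as the finding the check describes.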
Additional Identifiers
Rule ID:
Vulnerability ID: V-73987
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001464 | The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) | System Start-Up |