Check: CISR-ND-000043
Cisco ISR 4000 Series NDM STIG: CISR-ND-000043 (in version v1 r1)
Title
The Cisco ISR 4000 Series router must off load audit records via syslog so the audit records can be backed up every seven days. (Cat III impact)
Discussion
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
Check Content
Verify that the Cisco ISR 4000 Series router is configured to use syslog. The configuration should look similar to the example below:

    logging host 1.1.1.1

If syslog is not configured, this is a finding.
Fix Text
Configure the Cisco ISR 4000 Series router to use syslog. The configuration should look similar to the example below:

    logging host 1.1.1.1
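One way to automate the check above against a saved running-config, as an added example that is not part of the STIG. The function names and sample configurations are constructed for illustration, and the test that a destination is not one of the router's own addresses goes beyond the literal check text; it follows from the Discussion's requirement that records go to a different system.

```python
import ipaddress
import re

# Constructed sample running-config excerpts (not from a real device).
COMPLIANT = """\
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
logging host 198.51.100.10
logging host 198.51.100.11 transport tcp port 1514
"""
SELF_ONLY = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
! logging host 198.51.100.10
logging host 192.0.2.1
"""

# Anchored at line start, so '!' comments and 'no logging host' never match.
LOG_HOST = re.compile(r"^logging host (?:ipv6 )?(\S+)")
LOCAL_IP = re.compile(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) ")


def _is_loopback(dest):
    try:
        return ipaddress.ip_address(dest).is_loopback
    except ValueError:  # destination is a hostname, not an address literal
        return False


def syslog_hosts(config):
    """Return (remote, local) syslog destinations found in a running-config."""
    own, dests = set(), []
    for line in config.splitlines():
        if m := LOCAL_IP.match(line):
            own.add(m.group(1))          # address configured on this router
        elif m := LOG_HOST.match(line):
            dests.append(m.group(1))
    local = [d for d in dests if d in own or _is_loopback(d)]
    remote = [d for d in dests if d not in local]
    return remote, local


def check_cisr_nd_000043(config):
    """'finding' when no syslog destination points off the router."""
    remote, _ = syslog_hosts(config)
    return "not a finding" if remote else "finding"


if __name__ == "__main__":
    print(check_cisr_nd_000043(COMPLIANT), "/", check_cisr_nd_000043(SELF_ONLY))
```

A destination given as a hostname is treated as remote because it cannot be resolved offline; confirm it separately.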
Additional Identifiers
Rule ID:
Vulnerability ID: V-74005
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001348 | The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9 (2) | Audit Backup On Separate Physical Systems / Components |