Check: SRG-APP-000100-NDM-000230
Network Device Management SRG:
SRG-APP-000100-NDM-000230
(in versions v4 r3 through v2 r7)
Title
The network device must generate audit records containing information that establishes the identity of any individual or process associated with the event. (Cat II impact)
Discussion
Without information that establishes the identity of the subjects (i.e., administrators or processes acting on behalf of administrators) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. Event identifiers (if authenticated or otherwise known) include, but are not limited to, user database tables, primary key values, user names, or process identifiers.
Check Content
Determine if the network device generates audit records containing information that establishes the identity of any individual or process associated with the event. This requirement may be verified by demonstration or validated test results. If the network device does not generate audit records containing information that establishes the identity of any individual or process associated with the event, this is a finding.
Fix Text
Configure the network device to generate audit records containing information that establishes the identity of any individual or process associated with the event.
Additional Identifiers
Rule ID: SV-202035r879568_rule
Vulnerability ID: V-202035
Group Title: SRG-APP-000100
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001487 |
The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |