Check: NET0198
Network Infrastructure Policy STIG: NET0198 (in versions v10 r7 through v10 r1)
Title
Dynamic Host Configuration Protocol (DHCP) audit and event logs must record sufficient forensic data to be stored online for thirty days and offline for one year. (Cat II impact)
Discussion
To identify and combat IP address spoofing, it is highly recommended that the DHCP server log MAC addresses and hostnames, in addition to standard data such as IP address and date/time.
Check Content
Verify the DHCP audit and event logs include hostnames and MAC addresses of all clients, in addition to IP address and date/time. Also, validate logs are kept online for thirty days and offline for one year. If the logs do not include hostnames and MAC addresses along with the IP address and date/time, or if the logs are not kept online for thirty days and offline for one year, this is a finding.
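One way to automate the field and online-retention parts of this check, as an added example that is not part of the STIG. It assumes the DHCP log has been exported to a CSV layout of `timestamp,ip,mac,hostname`; that layout, the sample lines and the function name `audit_dhcp_log` are constructed for illustration, and the one-year offline archive must still be verified separately.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample in the assumed CSV layout: timestamp,ip,mac,hostname.
SAMPLE_LOG = """\
2024-03-01T08:15:02,10.0.5.21,00:1a:2b:3c:4d:5e,ws-finance-07
2024-03-14T11:42:10,10.0.5.22,,printer-2f
2024-03-30T17:03:55,10.0.5.23,00:1a:2b:3c:4d:60,
2024-03-31T09:00:00,10.0.5.24,00:1a:2b:3c:4d:61,ws-hr-02
"""

REQUIRED = ("timestamp", "ip", "mac", "hostname")
MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)


def audit_dhcp_log(text, now, online_days=30):
    """Return a list of findings; an empty list means the log passes."""
    findings = []
    oldest = None
    reader = csv.DictReader(io.StringIO(text), fieldnames=REQUIRED)
    for lineno, row in enumerate(reader, start=1):
        # Every record needs all four fields named in the check.
        missing = [f for f in REQUIRED if not (row.get(f) or "").strip()]
        if missing:
            findings.append(f"line {lineno}: missing {', '.join(missing)}")
        mac = (row.get("mac") or "").strip()
        if mac and not MAC_RE.match(mac):
            findings.append(f"line {lineno}: malformed MAC {mac!r}")
        try:
            ts = datetime.fromisoformat((row.get("timestamp") or "").strip())
        except ValueError:
            findings.append(f"line {lineno}: unparseable timestamp")
            continue
        oldest = ts if oldest is None else min(oldest, ts)
    # The online copy must reach back at least `online_days` from `now`.
    if oldest is None or now - oldest < timedelta(days=online_days):
        findings.append(f"online log does not reach back {online_days} days")
    return findings


if __name__ == "__main__":
    for finding in audit_dhcp_log(SAMPLE_LOG, datetime(2024, 4, 2)):
        print(finding)
```

A server that has been in service for fewer than thirty days will trip the retention finding, so confirm the deployment date before recording it.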
Fix Text
Configure the DHCP audit and event logs to log hostname and MAC addresses, in addition to IP address and date/time. Store the logs for a minimum of thirty days online and then offline for one year.
Additional Identifiers
Rule ID: SV-251361r853649_rule
Vulnerability ID: V-251361
Group Title: NET0198
CCIs
Number | Definition |
---|---|
CCI-001902 | Provide the means for authorized individuals to determine the identity of the producer of the information. |
CCI-001932 | The organization documents an identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. |