Check: RCKS-NDM-000880
RUCKUS ICX NDM STIG: RCKS-NDM-000880 (in version v1 r1)
Title
The RUCKUS ICX device must off-load audit records onto a different system or media than the system being audited. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

Satisfies: SRG-APP-000515-NDM-000325, SRG-APP-000360-NDM-000295
Check Content
Verify that an external syslog server is configured and online:

show running-config | include logging host

If there is no output or the host displayed is unreachable, this is a finding.
Fix Text
Configure syslog host:

SSH@ICX(config)# logging host x.x.x.x
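The check above can be scripted against saved command output. The following is an added example, not part of the STIG or of RUCKUS tooling: it assumes the `logging host <address>` form shown in the Fix Text, takes the reachability probe as a caller-supplied function, and uses constructed sample output and addresses.

```python
import ipaddress
import re

# Constructed sample of `show running-config | include logging host` output.
SAMPLE_OUTPUT = "logging host 192.0.2.10\nlogging host 127.0.0.1\n"

# Assumes the form shown in the Fix Text: logging host <address>
LOGGING_HOST = re.compile(r"^\s*logging host\s+(\S+)")


def syslog_hosts(output):
    """Return the argument of every `logging host` line, in order."""
    matches = (LOGGING_HOST.match(line) for line in output.splitlines())
    return [m.group(1) for m in matches if m]


def is_other_system(host, device_addrs):
    """False when the target is the audited device itself."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # not an IP literal; cannot be compared here
    return not (ip.is_loopback or ip.is_unspecified or ip in device_addrs)


def evaluate(output, device_addrs, reachable):
    """Return (finding, reasons). `reachable` is a caller-supplied probe
    (host -> bool). Assumption: with several hosts configured, one
    off-device, reachable host is enough to clear the finding."""
    hosts = syslog_hosts(output)
    if not hosts:
        return True, ["no 'logging host' line in running-config"]
    reasons, good = [], 0
    for host in hosts:
        if not is_other_system(host, device_addrs):
            reasons.append(f"{host}: points at the audited device")
        elif not reachable(host):
            reasons.append(f"{host}: unreachable")
        else:
            good += 1
    return good == 0, reasons


if __name__ == "__main__":
    own = {ipaddress.ip_address("192.0.2.1")}  # constructed device address
    print(evaluate(SAMPLE_OUTPUT, own, lambda host: True))
```

The reasons list is returned even when the finding clears, so a reviewer still sees a configured target that does not move records off the device.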
Additional Identifiers
Rule ID: SV-273832r1110849_rule
Vulnerability ID: V-273832
Group Title: SRG-APP-000515-NDM-000325
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
CCI-001858 | Provide an alert in an organization-defined real-time-period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur. |