UCF STIG Viewer Logo

The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited.


Finding ID Version Rule ID IA Controls Severity
V-239939 CASA-ND-001260 SV-239939r666180_rule Medium
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
Cisco ASA NDM Security Technical Implementation Guide 2021-03-15


Check Text ( C-43172r666178_chk )
Review the Cisco ASA configuration to verify it is compliant with this requirement as shown in the example below.

logging trap notifications
logging host NDM_INTERFACE 6/1514

Note: A logging list can be used as an alternative to the severity level.

If the Cisco ASA is not configured to offload log records onto a different system than the system being audited, this is a finding.
Fix Text (F-43131r666179_fix)
Configure the Cisco ASA to send log records to a syslog server as shown in the example below.

ASA(config)# logging host NDM_INTERFACE 6/1514
ASA(config)# logging trap notifications
ASA(config)# end