Common Controls Hub
The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
Cisco ASA NDM Security Technical Implementation Guide
Check Text ( C-43172r666178_chk )
Review the Cisco ASA configuration to verify it is compliant with this requirement as shown in the example below.
logging trap notifications
logging host NDM_INTERFACE 10.1.48.10 6/1514
Note: A logging list can be used as an alternative to the severity level.
If the Cisco ASA is not configured to offload log records onto a different system than the system being audited, this is a finding.
Fix Text (F-43131r666179_fix)
Configure the Cisco ASA to send log records to a syslog server as shown in the example below.
ASA(config)# logging host NDM_INTERFACE 10.1.48.10 6/1514
ASA(config)# logging trap notifications