The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239939 | CASA-ND-001260 | SV-239939r851038_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
|---|---|
| Cisco ASA NDM Security Technical Implementation Guide | 2022-09-12 |
Details
| Check Text ( C-43172r666178_chk ) |
|---|
| Review the Cisco ASA configuration to verify it is compliant with this requirement as shown in the example below. logging trap notifications logging host NDM_INTERFACE 10.1.48.10 6/1514 Note: A logging list can be used as an alternative to the severity level. If the Cisco ASA is not configured to offload log records onto a different system than the system being audited, this is a finding. |
| Fix Text (F-43131r666179_fix) |
|---|
| Configure the Cisco ASA to send log records to a syslog server as shown in the example below. ASA(config)# logging host NDM_INTERFACE 10.1.48.10 6/1514 ASA(config)# logging trap notifications ASA(config)# end |