UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239971 CASA-VN-000500 SV-239971r666319_rule Medium
Description
Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event.
STIG Date
Cisco ASA VPN Security Technical Implementation Guide 2024-06-10

Details

Check Text ( C-43204r666317_chk )
Review the ASA configuration to determine if VPN events are logged as shown in the example below.

logging class vpn trap notifications
logging class vpnc trap notifications
logging class vpnfo trap notifications
logging class webfo trap notifications
logging class webvpn trap notifications
logging class svc trap notifications

Note: A logging list can be used as an alternative to using class.

If the ASA is not configured to log entries containing information to establish the identity of any individual or process associated with the event, this is a finding.
Fix Text (F-43163r666318_fix)
Configure the ASA to generate logs containing information to establish the identity of any individual or process associated with the event as shown in the example below.

ciscoasa(config)# logging class vpn trap notifications
ciscoasa(config)# logging class vpnc trap notifications
ciscoasa(config)# logging class vpnfo trap notifications
ciscoasa(config)# logging class webvpn trap notifications
ciscoasa(config)# logging class webfo trap notifications
ciscoasa(config)# logging class svc trap notifications
ciscoasa(config)# end