The Cisco ISR 4000 Series router must off-load audit records onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-74075 | CISR-ND-000128 | SV-88749r1_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
|---|---|
| Cisco IOS XE Release 3 NDM Security Technical Implementation Guide | 2017-10-02 |
Details
| Check Text ( C-74167r2_chk ) |
|---|
| Verify that the Cisco ISR 4000 Series router is configured to send logs to a syslog server. The configuration should look similar to the example below: logging host 1.1.1.1 If it is not configured to send logs to a syslog server, this is a finding. |
| Fix Text (F-80615r2_fix) |
|---|
| Configure the Cisco ISR 4000 Series router to enable syslog. The configuration should look similar to the example below: logging host 1.1.1.1 |