The Cisco router must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and in accordance with CJCSM 6510.01B.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-96481 | CISC-ND-001340 | SV-105619r1_rule | Medium |
| Description |
|---|
| By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device. |
| STIG | Date |
|---|---|
| Cisco IOS XR Router NDM Security Technical Implementation Guide | 2019-07-26 |
Details
| Check Text ( C-95317r1_chk ) |
|---|
| The Cisco router is not compliant with this requirement. However, the risk associated with this requirement can be fully mitigated if the router is configured to send logs to a syslog server that can send alerts to the appropriate personnel. Verify that the router is configured to send logs to a syslog server. The configuration should look similar to the example below: logging 10.1.3.22 vrf default severity info If the router is not configured to send log messages to a syslog server, this is a finding. |
| Fix Text (F-102157r1_fix) |
|---|
| Configure the router to send log messages to the syslog server as shown in the example below. RP/0/0/CPU0:R3(config)#logging 10.1.3.22 severity info |