The IAO/NSO will ensure administrator logons, changes to the administrator group, and account lockouts are logged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3178 | NET1300 | SV-3178r1_rule | ECAR-1 ECAR-2 ECAR-3 ECSC-1 | Low |
| Description |
|---|
| The firewall and the associated logging functions allows for forensic investigations if properly configured and protected. The administrators account is the most sought after account so extra protection must be taken to protect this account and log its activity. |
| STIG | Date |
|---|---|
| Firewall Security Technical Implementation Guide - Cisco | 2013-10-08 |
Details
| Check Text ( C-12954r1_chk ) |
|---|
| Have the FA display the logging configuration. Review log data created by firewall and identify if these features are being logged, such as log on. |
| Fix Text (F-14198r1_fix) |
|---|
| Have the FA make the necessary configuration changes and verify the corrections work by re-reviewing the firewall log. |