UCF STIG Viewer Logo

Administrator logons, changes to the administrator group, and account lockouts must be logged.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3178 NET1300 SV-3178r2_rule ECAR-1 ECAR-2 ECAR-3 ECSC-1 Low
Description
The network device and the associated logging functions allows for forensic investigations if properly configured and protected. The administrators account is the most sought after account so extra protection must be taken to protect this account and log its activity.
STIG Date
Firewall Security Technical Implementation Guide - Cisco 2017-12-07

Details

Check Text ( C-12954r5_chk )
Review the device configuration to determine if all administrative actions are being logged.

If administrative actions are not being logged, this is a finding.
Fix Text (F-14198r2_fix)
Configure the network device to log all administrative actions performed on the device.