The network device must use cryptographic mechanisms to protect the integrity of audit log information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000106-NDM-000071 | SRG-NET-000106-NDM-000071 | SRG-NET-000106-NDM-000071_rule | Medium |
| Description |
|---|
| Without the use of mechanisms, such as a signed hash using asymmetric cryptography, the integrity of the collected audit data is not fully protected. The application level audit trail log stores auditing results of enforcement actions based on the access control restrictions and other security policy for the network device itself. This control requires the configuration of a cryptographic module with strong integrity protection. Integrity protection is provided by the hashing algorithm used by the cryptographic module. Use of FIPS-validated or NSA-approved cryptography will ensure compliance. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000106-NDM-000071_chk ) |
|---|
| If cryptography is not required by the data owner or organizational policy, this is not applicable. Examine the cryptographic module used for storing and transmitting event audit logs. Verify the cryptographic module is configured to use an asymmetric hashing algorithm which uses asymmetric cryptography. If audit logs are not configured to use hashing algorithms which use asymmetric cryptography, this is a finding. |
| Fix Text (F-SRG-NET-000106-NDM-000071_fix) |
|---|
| Configure audit logs to use hashing algorithms which use asymmetric cryptography in storage and during transmission. |