Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000114-NDM-000074 | SRG-NET-000114-NDM-000074 | SRG-NET-000114-NDM-000074_rule | Low |
Description |
---|
Logging the actions of specific events provides a way to investigate an attack, recognize resource utilization or capacity thresholds, or to identify an improperly configured network device. If administrators do not have granular control of the rule to be applied and logged for later analysis, then malicious attacks may be missed. Configuration of the audit log, particularly the audit events captured must be restricted to access by designated individuals only. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text ( C-SRG-NET-000114-NDM-000074_chk ) |
---|
Obtain a list of organizationally defined events which should be logged. Verify this list of events is configured for logging by viewing the network device event alert functionality. If the network device does not allow administrators to select which auditable events are logged, this is a finding. |
Fix Text (F-SRG-NET-000114-NDM-000074_fix) |
---|
Configure the network device settings to allow authorized personnel to select which auditable events are audited. |