The network device must invoke a system shutdown in the event of a log failure, unless an alternative audit capability exists.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000171-NDM-000130 | SRG-NET-000171-NDM-000130 | SRG-NET-000171-NDM-000130_rule | Low |
| Description |
|---|
| It is critical that when a network device is at risk of failing to process audit logs as required, action is taken to mitigate the failure. If the device were to continue processing without auditing capabilities, the network device or the network could be compromised and vital forensic information would not be available for incident trace back. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000171-NDM-000130_chk ) |
|---|
| Verify the network device invokes a system shutdown in the event of a log failure, unless an alternative audit capability exists. If the network device does not invoke a system shutdown in the event of a log failure, this is a finding. |
| Fix Text (F-SRG-NET-000171-NDM-000130_fix) |
|---|
| Configure the network device to invoke a system shutdown in the event of a log failure. |