STIGQter: STIG Summary: SEL-2740S NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019: The SEL-2740S must employ automated mechanisms to assist in the tracking of security incidents.

DISA Rule

SV-104421r2_rule

Vulnerability Number

V-94591

Group Title

SRG-APP-000516-NDM-000342

Rule Version

SELS-ND-001400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To configure the SEL-2740S to send logs to syslog servers, do the following:

1. Log in to the parent OTSDN Controller with Permission Level 3 rights.
2. Go to the Configuration Objects settings page and select the desired switch.
3. Insert the Syslog log service and enter the desired IP addresses in the syslog settings fields.
4. Create the flow rules necessary for syslog.

Check Contents

Verify that the switch is configured to use a syslog server for the purpose of forwarding alerts to the administrators and the ISSO.

1. Log in to the OTSDN Controller with Permission Level 3.
2. Go to the Configuration Object page and select the subject switch node.
3. Check the log services settings and confirm that a syslog server IP address is in the settings fields.

If the SEL-2740S is not configured to use a syslog server, this is a finding.

Documentable

False

Severity Override Guidance

Verify that the switch is configured to use a syslog server for the purpose of forwarding alerts to the administrators and the ISSO.

1. Log in to the OTSDN Controller with Permission Level 3.
2. Go to the Configuration Object page and select the subject switch node.
3. Check the log services settings and confirm that a syslog server IP address is in the settings fields.

If the SEL-2740S is not configured to use a syslog server, this is a finding.

Check Content Reference

M

Target Key

3383
