STIGQter STIGQter: STIG Summary: Cisco IOS XR Router NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: The Cisco router must produce audit records containing information to establish where the events occurred.

DISA Rule

SV-105535r1_rule

Vulnerability Number

V-96397

Group Title

SRG-APP-000097-NDM-000227

Rule Version

CISC-ND-000290

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the log-input parameter after any deny statements to provide the location as to where packets have been dropped via an ACL.

RP/0/0/CPU0:R3(config)#ipv4 access-list BLOCK_INBOUND
RP/0/0/CPU0:R3(config-ipv4-acl)#deny icmp any any log-input

Check Contents

Review the deny statements in all ACLs to determine if the log-input parameter has been configured as shown in the example below.

ipv4 access-list BLOCK_INBOUND
10 deny icmp any any log-input

If the router is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Vulnerability Number

V-96397

Documentable

False

Rule Version

CISC-ND-000290

Severity Override Guidance

Review the deny statements in all ACLs to determine if the log-input parameter has been configured as shown in the example below.

ipv4 access-list BLOCK_INBOUND
10 deny icmp any any log-input

If the router is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Check Content Reference

M

Target Key

3475

Comments