STIGQter STIGQter: STIG Summary: Cisco IOS XR Router NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: The Cisco router must use cryptographic mechanisms to protect the integrity of audit information at rest.

DISA Rule

SV-105539r1_rule

Vulnerability Number

V-96401

Group Title

SRG-APP-000126-NDM-000242

Rule Version

CISC-ND-000440

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable archive logging as shown in the example below:

RP/0/0/CPU0:R3(config)#no logging archive

Check Contents

The Cisco router is not compliant with this requirement. However, the risk associated with this requirement can be fully mitigated if archive logging is not enabled. The following is an example of archive logging.

logging archive
device disk0
severity notifications
file-size 50
frequency daily
archive-size 200

If archive logging is configured, this is a finding.

Vulnerability Number

V-96401

Documentable

False

Rule Version

CISC-ND-000440

Severity Override Guidance

The Cisco router is not compliant with this requirement. However, the risk associated with this requirement can be fully mitigated if archive logging is not enabled. The following is an example of archive logging.

logging archive
device disk0
severity notifications
file-size 50
frequency daily
archive-size 200

If archive logging is configured, this is a finding.

Check Content Reference

M

Target Key

3475

Comments