STIGQter STIGQter: STIG Summary: Cisco IOS Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 26 Apr 2021:

The Cisco router must be configured to generate audit records containing the full-text recording of privileged commands.

DISA Rule

SV-215674r521266_rule

Vulnerability Number

V-215674

Group Title

SRG-APP-000101-NDM-000231

Rule Version

CISC-ND-000330

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Cisco router to log all configuration changes as shown in the example below.

R4(config)#archive
R4(config-archive)#log config
R4(config-archive-log-cfg)#logging enable
R4(config-archive-log-cfg)#end

Check Contents

Review the Cisco router configuration to verify that it is compliant with this requirement. The configuration example below will log all configuration changes.

archive
log config
logging enable

Note: Configuration changes can be viewed using the show archive log config all command.

If the Cisco router is not configured to generate audit records of configuration changes, this is a finding.

Vulnerability Number

V-215674

Documentable

False

Rule Version

CISC-ND-000330

Severity Override Guidance

Review the Cisco router configuration to verify that it is compliant with this requirement. The configuration example below will log all configuration changes.

archive
log config
logging enable

Note: Configuration changes can be viewed using the show archive log config all command.

If the Cisco router is not configured to generate audit records of configuration changes, this is a finding.

Check Content Reference

M

Target Key

4014

Comments