STIGQter: STIG Summary: Cisco IOS Switch NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands.

DISA Rule

SV-220582r521267_rule

Vulnerability Number

V-220582

Group Title

SRG-APP-000101-NDM-000231

Rule Version

CISC-ND-000330

Severity

CAT II

CCI(s)

• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Weight

10

Fix Recommendation

Configure the Cisco switch to log all configuration changes as shown in the example below:

SW4(config)#archive
SW4(config-archive)#log config
SW4(config-archive-log-cfg)#logging enable
SW4(config-archive-log-cfg)#end

Check Contents

Review the Cisco switch configuration to verify that it generates audit records of configuration changes. The configuration example below will log all configuration changes:

archive
log config
logging enable

Note: Configuration changes can be viewed using the show archive log config all command.

If the Cisco switch is not configured to generate audit records of configuration changes, this is a finding.

Vulnerability Number

V-220582

Documentable

False

Rule Version

CISC-ND-000330

Severity Override Guidance

Review the Cisco switch configuration to verify that it generates audit records of configuration changes. The configuration example below will log all configuration changes:

archive
log config
logging enable

Note: Configuration changes can be viewed using the show archive log config all command.

If the Cisco switch is not configured to generate audit records of configuration changes, this is a finding.

Check Content Reference

M

Target Key

4069

Comments