STIGQter: STIG Summary: Cisco ISE NAC Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 13 Apr 2021

The Cisco ISE must generate a critical alert to be sent to the ISSO and SA (at a minimum) if it is unable to communicate with the central event log.

DISA Rule

SV-242597r714101_rule

Vulnerability Number

V-242597

Group Title

SRG-NET-000088-NAC-000440

Rule Version

CSCO-NC-000230

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure a log to be generated and sent when a Logging Target becomes unavailable.

From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Configure the "Internal Operations Diagnostics" category Targets field to have "LogCollector" and "LogCollector2". If the environment has an additional SYSLOG server, it can be selected here as well.

Note: "LogCollector" and "LogCollector2" are not configured for this category by default. These logs will be viewable at Operations >> Reports >> Reports >> Diagnostics >> System Diagnostic.

Check Contents

Verify that a log will be generated and sent when a Logging Target becomes unavailable.

From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Verify that Internal Operations Diagnostics has "LogCollector" and "LogCollector2" set.

If there are a minimum of two logging targets selected for Internal Operations Diagnostics, this is not a finding.

Documentable

False

Severity Override Guidance

Verify that a log will be generated and sent when a Logging Target becomes unavailable.

From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Verify that Internal Operations Diagnostics has "LogCollector" and "LogCollector2" set.

If there are a minimum of two logging targets selected for Internal Operations Diagnostics, this is not a finding.

Check Content Reference

M

Target Key

5383
