STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 13 Apr 2021

The Cisco ISE must limit audit record storage capacity for all locally stored logs.

DISA Rule

SV-242626r714188_rule

Vulnerability Number

V-242626

Group Title

SRG-APP-000357-NDM-000293

Rule Version

CSCO-NM-000200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure syslog purge settings. Use the following process to delete local logs after a certain period of time. This is set based on the local environment and size of the implementation.

1. Choose Administration >> System >> Logging >> Local Log Settings.
2. In the Local Log Storage Period field, enter the maximum number of days to keep the log entries in the configuration source.
3. Click "Delete Logs Now" to delete the existing log files at any time before the expiration of the storage period.
4. Click "Save".

Note: The system is designed to delete logs if the size of the localStore folder reaches 97 GB, regardless of the configured Local Log Storage Period.

Check Contents

Examine the local log purge setting.

show logging internal
or
Choose Administration >> System >> Logging >> Local Log Settings >> Local Log Storage Period.

If local logs are set to purge after a locally established period, this is not a finding.

Documentable

False

Severity Override Guidance

Examine the local log purge setting.

show logging internal
or
Choose Administration >> System >> Logging >> Local Log Settings >> Local Log Storage Period.

If local logs are set to purge after a locally established period, this is not a finding.

Check Content Reference

M

Target Key

5384
