STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must generate audit records containing the full-text recording of privileged commands.

DISA Rule

SV-242663r714299_rule

Vulnerability Number

V-242663

Group Title

SRG-APP-000101-NDM-000231

Rule Version

CSCO-NM-000720

Severity

CAT II

CCI(s)

• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Weight

10

Fix Recommendation

Enable the logging categories as required by the SSP based on mission requirements for Cisco ISE to send auditable events to the syslog target.

From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Click the radio button next to the Administrative and Operational Audit logging category and then click "Edit".
3. Choose INFO from the Log Severity Level drop-down list.
4. In the Targets field, move the syslog target name that is being used to the Selected box.
5. Repeat steps 2 and 3 with the selection of other category levels required based on organizational mission and SSP.
6. Click "Save".

Check Contents

Verify the logging categories as required by the SSP based on mission requirements for Cisco ISE are configured.

From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Click the radio button for each logging category and verify it is set. Verify all categories required by the SSP are set. Verify the appropriate severity level (usually WARNING is set).

If the logging category required by the SSP is not configured and sent to the central syslog server target, this is a finding.

Vulnerability Number

V-242663

Documentable

False

Rule Version

CSCO-NM-000720

Severity Override Guidance

Verify the logging categories as required by the SSP based on mission requirements for Cisco ISE are configured.

From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Click the radio button for each logging category and verify it is set. Verify all categories required by the SSP are set. Verify the appropriate severity level (usually WARNING is set).

If the logging category required by the SSP is not configured and sent to the central syslog server target, this is a finding.

Check Content Reference

M

Target Key

5384

Comments