STIGQter: STIG Summary: Cisco IOS XR Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must produce audit records containing information to establish where the events occurred.

DISA Rule

SV-216528r531088_rule

Vulnerability Number

V-216528

Group Title

SRG-APP-000097-NDM-000227

Rule Version

CISC-ND-000290

Severity

CAT II

CCI(s)

• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.

Weight

10

Fix Recommendation

Configure the log-input parameter after any deny statements to provide the location as to where packets have been dropped via an ACL.

RP/0/0/CPU0:R3(config)#ipv4 access-list BLOCK_INBOUND
RP/0/0/CPU0:R3(config-ipv4-acl)#deny icmp any any log-input

Check Contents

Review the deny statements in all ACLs to determine if the log-input parameter has been configured as shown in the example below.

ipv4 access-list BLOCK_INBOUND
10 deny icmp any any log-input

If the router is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Vulnerability Number

V-216528

Documentable

False

Rule Version

CISC-ND-000290

Severity Override Guidance

Review the deny statements in all ACLs to determine if the log-input parameter has been configured as shown in the example below.

ipv4 access-list BLOCK_INBOUND
10 deny icmp any any log-input

If the router is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Check Content Reference

M

Target Key

4023

Comments