STIGQter: STIG Summary: Cisco IOS XR Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must be configured to generate an alert for all audit failure events.

DISA Rule

SV-216534r531088_rule

Vulnerability Number

V-216534

Group Title

SRG-APP-000360-NDM-000295

Rule Version

CISC-ND-001000

Severity

CAT II

CCI(s)

• CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

10

Fix Recommendation

Configure the Cisco router to send critical to emergency log messages to the syslog server as shown in the example below.

RP/0/0/CPU0:R3(config)#logging 10.1.12.7 severity critical

Note: The parameter "critical" can replaced with a lesser severity level (i.e., error, warning, notice, informational).

Check Contents

Review the Cisco router configuration to verify that it is compliant with this requirement as shown in the example below.

logging 10.1.12.7 vrf default severity critical

Note: The parameter "critical" can be replaced with a lesser severity level (i.e., error, warning, notice, informational).

If the Cisco router is not configured to generate an alert for all audit failure events, this is a finding.

Vulnerability Number

V-216534

Documentable

False

Rule Version

CISC-ND-001000

Severity Override Guidance

Review the Cisco router configuration to verify that it is compliant with this requirement as shown in the example below.

logging 10.1.12.7 vrf default severity critical

Note: The parameter "critical" can be replaced with a lesser severity level (i.e., error, warning, notice, informational).

If the Cisco router is not configured to generate an alert for all audit failure events, this is a finding.

Check Content Reference

M

Target Key

4023

Comments