STIGQter: STIG Summary: Cisco IOS XE Switch NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Cisco switch must produce audit records containing information to establish where the events occurred.

DISA Rule

SV-220529r531084_rule

Vulnerability Number

V-220529

Group Title

SRG-APP-000097-NDM-000227

Rule Version

CISC-ND-000290

Severity

CAT II

CCI(s)

• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.

Weight

10

Fix Recommendation

Configure the log-input parameter after any deny statements to provide the location as to where packets have been dropped via an ACL.

SW1(config)#ip access-list extended BLOCK_INBOUND
SW1(config-ext-nacl)#deny icmp any any log-input

Check Contents

Review the deny statements in all ACLs to determine if the log-input parameter has been configured as shown in the example below:

ip access-list extended BLOCK_INBOUND
deny icmp any any log-input

If the switch is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Vulnerability Number

V-220529

Documentable

False

Rule Version

CISC-ND-000290

Severity Override Guidance

Review the deny statements in all ACLs to determine if the log-input parameter has been configured as shown in the example below:

ip access-list extended BLOCK_INBOUND
deny icmp any any log-input

If the switch is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Check Content Reference

M

Target Key

4067

Comments