STIGQter: STIG Summary: Cisco IOS Switch NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco switch must produce audit records containing information to establish where the events occurred.

DISA Rule

SV-220581r521267_rule

Vulnerability Number

V-220581

Group Title

SRG-APP-000097-NDM-000227

Rule Version

CISC-ND-000290

Severity

CAT II

CCI(s)

• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.

Weight

10

Fix Recommendation

Configure the log-input parameter after any deny statements to provide the location as to where packets have been dropped via an ACL:

SW1(config)#ip access-list extended BLOCK_INBOUND
SW1(config-ext-nacl)#deny icmp any any log-input

Check Contents

Review the deny statements in all access control lists (ACLs) to determine if the log-input parameter has been configured as shown in the example below:

ip access-list extended BLOCK_INBOUND
deny icmp any any log-input

If the switch is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Vulnerability Number

V-220581

Documentable

False

Rule Version

CISC-ND-000290

Severity Override Guidance

Review the deny statements in all access control lists (ACLs) to determine if the log-input parameter has been configured as shown in the example below:

ip access-list extended BLOCK_INBOUND
deny icmp any any log-input

If the switch is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.

Check Content Reference

M

Target Key

4069

Comments