SV-220610r521267_rule
V-220610
SRG-APP-000495-NDM-000318
CISC-ND-001240
CAT II
10
Configure the Cisco switch to generate log records when account privileges are modified as shown in the example below:
SW4(config)#logging userinfo
SW4(config)#archive
SW4(config-archive)#log config
SW4(config-archive-log-cfg)#logging enable
SW4(config-archive-log-cfg)#end
Review the Cisco switch configuration to verify that it generates log records when administrator privileges are modified as shown in the examples below:
hostname R4
!
!
logging userinfo
…
…
…
archive
 log config
  logging enable
Note: The logging userinfo command will log when the administrator increases his or her privilege level, while the log config command will log all configuration changes, such as changing privilege levels for certain commands.
If the Cisco switch is not configured to generate log records when administrator privileges are modified, this is a finding.
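The check above can be automated against a saved running configuration. The following is an added example, not part of the STIG text: the function names and the sample configurations are constructed for illustration, and it assumes the saved file keeps the indentation IOS uses for sub-mode commands.

```python
# Constructed running-config excerpts (not taken from a real device).
COMPLIANT = """\
hostname SW4
!
logging userinfo
!
archive
 log config
  logging enable
!
"""

# 'log config' is present but 'logging enable' was never set under it.
PARTIAL = """\
hostname SW4
!
logging userinfo
!
archive
 log config
  hidekeys
!
"""

def config_paths(config):
    """Yield each command as a tuple: its enclosing mode lines, then itself."""
    stack = []  # (indent, command) for the enclosing configuration modes
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        indent = len(line) - len(line.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left one or more sub-modes
        stack.append((indent, line.strip()))
        yield tuple(cmd for _, cmd in stack)

def check_privilege_logging(config):
    """Return the required settings that are absent (empty list = not a finding)."""
    paths = set(config_paths(config))
    required = {
        "logging userinfo": ("logging userinfo",),
        "archive / log config / logging enable":
            ("archive", "log config", "logging enable"),
    }
    return [name for name, path in required.items() if path not in paths]
```

Because the match is on the full nesting path, a `logging enable` line that is not under `archive` and `log config` does not satisfy the check.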