STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must generate log records for a locally developed list of auditable events.

DISA Rule

SV-242636r714218_rule

Vulnerability Number

V-242636

Group Title

SRG-APP-000516-NDM-000334

Rule Version

CSCO-NM-000300

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Enable logging categories for Cisco ISE to send auditable events to the remote syslog target.

1. Log in to the Admin portal.
2. Choose Administration >> System >> Logging >> Logging Categories.
3. Click the radio button next to the desired logging category that pertains to the local list of auditable events and then click "Edit".
4. Choose the Log Severity Level drop-down list.
5. In the Targets field, move the syslog remote logging target to the Selected box.
6. Click "Save".
7. Repeat this procedure to enable all locally logging categories that pertain to the local list of auditable events.

Check Contents

View the SSP syslog requirements. View the logging categories for Cisco ISE to verify the logging categories that pertain to the corresponding locally developed list of auditable events are enabled, configured, and being sent to the remote syslog target.

1. Log in to the Admin portal.
2. Choose Administration >> System >> Logging >> Logging Categories.
3. Click the radio button next to the desired logging category that pertains to the local list of auditable events and then click "Edit".
4. Choose the Log Severity Level drop-down list.
5. In the Targets field, move the secure syslog remote logging target to the Selected box.
6. Click "Save".
7. Repeat this procedure to enable all locally logging categories that pertain to the local list of auditable events.

If the Cisco ISE does not generate log records for a locally developed list of auditable events, this is a finding.

Vulnerability Number

V-242636

Documentable

False

Rule Version

CSCO-NM-000300

Severity Override Guidance

View the SSP syslog requirements. View the logging categories for Cisco ISE to verify the logging categories that pertain to the corresponding locally developed list of auditable events are enabled, configured, and being sent to the remote syslog target.

1. Log in to the Admin portal.
2. Choose Administration >> System >> Logging >> Logging Categories.
3. Click the radio button next to the desired logging category that pertains to the local list of auditable events and then click "Edit".
4. Choose the Log Severity Level drop-down list.
5. In the Targets field, move the secure syslog remote logging target to the Selected box.
6. Click "Save".
7. Repeat this procedure to enable all locally logging categories that pertain to the local list of auditable events.

If the Cisco ISE does not generate log records for a locally developed list of auditable events, this is a finding.

Check Content Reference

M

Target Key

5384

Comments