|Finding ID||Version||Rule ID||IA Controls||Severity|
|In order to identify and combat IP address spoofing, it is highly recommended that the DHCP server logs MAC addresses and hostnames on the DHCP server.|
|Network Infrastructure Policy Security Technical Implementation Guide||2018-09-27|
|Check Text ( C-7480r3_chk )|
| Verify the DHCP audit and event logs include hostnames and MAC addresses of all clients. Also, validate logs are kept online for thirty days and offline for one year. |
If the logs do not include hostnames and MAC addresses or if the logs are not kept online for thirty days and offline for one year, this is a finding.
|Fix Text (F-7674r3_fix)|
| Configure the DHCP audit and event logs to log hostname and MAC addresses. |
Store the logs for a minimum of thirty days online and then offline for one year.