The Central Log Server that aggregates log records from hosts and devices must be configured to use TCP for transmission.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-206513 | SRG-APP-000516-AU-000340 | SV-206513r961863_rule | CCI-000366 | medium |
| Description | ||||
| If the default UDP protocol is used for communication between the hosts and devices to the Central Log Server, then log records that do not reach the log server are not detected as a data loss. The use of TCP to transport log records to the log servers improves delivery reliability, adds data integrity, and gives the option to encrypt the traffic if the log server communication is not protected using a management network (preferred) or VPN based on mission requirements. | ||||
| STIG | Date | |||
| Central Log Server Security Requirements Guide | 2024-12-04 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-206513r961863_chk)
Examine the configuration.
Verify the Central Log Server is configured to use TCP.
If the Central Log Server is not configured to use TCP, this is a finding.
Fix Text (F-6773r285781_fix)
Configure the Central Log Server that aggregates log records from hosts and devices to use TCP for transmission.