The Cisco ACI must generate log records for a locally developed list of auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271944 | CACI-ND-000029 | SV-271944r1113846_rule | CCI-000169 | medium |
| Description | ||||
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. | ||||
| STIG | Date | |||
| Cisco ACI NDM Security Technical Implementation Guide | 2025-06-13 | |||
Details
Check Text (C-271944r1113846_chk)
Configure locally required events for auditing in compliance with the SSP:
1. Navigate to the Contracts section within the tenant.
2. Within the filter directives, select "Log" to enable logging for permit or deny actions on that filter.
If locally required events that require auditing are not set to log, this is a finding.
Fix Text (F-75901r1064005_fix)
Configure locally required events for auditing in compliance with the SSP:
1. Navigate to the "Contracts" section within the tenant.
2. Within the filter directives, verify the "Log" is enabled for permit or deny actions on that filter.