The Cisco ACI must generate log records for a locally developed list of auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271944 | CACI-ND-000029 | SV-271944r1168370_rule | CCI-000169 | medium |
| Description | ||||
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. | ||||
| STIG | Date | |||
| Cisco ACI NDM Security Technical Implementation Guide | 2025-12-11 | |||
Details
Check Text (C-271944r1168370_chk)
Configure locally required events for auditing in compliance with the SSP:
1. Navigate to the "Contracts" section within the tenant.
2. View the existing contracts: Tenants >> {{your_tenant}} >> Contracts >> {{your_contract}} to verify that log is enabled for each filter.
If log is not enabled for each filter, this is a finding.
Fix Text (F-75901r1168369_fix)
Configure locally required events for auditing in compliance with the SSP:
1. Navigate to the "Contracts" section within the tenant.
2. View the existing contracts: Tenants >> {{your_tenant}} >> Contracts >> {{your_contract}}.
3. Check the directive to enable log is for each filter.