The Cisco ACI must generate log records for a locally developed list of auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271944 | CACI-ND-000029 | SV-271944r1113846_rule | CCI-000169 | medium |
| Description | ||||
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. | ||||
| STIG | Date | |||
| Cisco ACI NDM Security Technical Implementation Guide | 2025-06-13 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-12
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000169
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-271944r1113846_chk)
Configure locally required events for auditing in compliance with the SSP:
1. Navigate to the Contracts section within the tenant.
2. Within the filter directives, select "Log" to enable logging for permit or deny actions on that filter.
If locally required events that require auditing are not set to log, this is a finding.
Fix Text (F-75901r1064005_fix)
Configure locally required events for auditing in compliance with the SSP:
1. Navigate to the "Contracts" section within the tenant.
2. Within the filter directives, verify the "Log" is enabled for permit or deny actions on that filter.