The Cisco ASA must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-239925 | CASA-ND-000970 | SV-239925r961446_rule | CCI-001889 | medium |
| Description | ||||
| Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the application include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks. | ||||
| STIG | Date | |||
| Cisco ASA NDM Security Technical Implementation Guide | 2025-05-19 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-8
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.3.7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001889
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-239925r961446_chk)
Verify the ASA is configured to include the time on all log records as shown in the configuration example below.
logging timestamp
If time stamp is not configured, this is a finding.
Fix Text (F-43117r666137_fix)
Configure the ASA to include the time on all log records as shown in the example below.
ASA(config)# logging timestamp