The Cisco router must be configured to generate an alert for all audit failure events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216534 | CISC-ND-001000 | SV-216534r991930_rule | CCI-001858 | medium |
| Description | ||||
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less). | ||||
| STIG | Date | |||
| Cisco IOS XR Router NDM Security Technical Implementation Guide | 2025-05-19 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-5(2)
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001858
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-216534r991930_chk)
Review the Cisco router configuration to verify that it is compliant with this requirement as shown in the example below.
logging 10.1.12.7 vrf default severity critical
Note: The parameter "critical" can be replaced with a lesser severity level (i.e., error, warning, notice, informational).
If the Cisco router is not configured to generate an alert for all audit failure events, this is a finding.
Fix Text (F-17766r288289_fix)
Configure the Cisco router to send critical to emergency log messages to the syslog server as shown in the example below.
RP/0/0/CPU0:R3(config)#logging 10.1.12.7 severity critical
Note: The parameter "critical" can replaced with a lesser severity level (i.e., error, warning, notice, informational).