The Nokia router must be configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-283790NOKI-ND-000950SV-283790r1203415_ruleCCI-003831medium
Description
Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits to authorized individuals the ability to access and execute audit logging tools. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls.
STIGDate
Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide2026-06-15

Details

Check Text (C-283790r1203415_chk)

Verify the Nokia router is configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. Verify syslog has been configured, as shown in the example below: - show log syslog Syslog Target Hosts Syslog Name Id Ip Address Port Sev Level Below Level Drop Facility Prefix TLS Profile ------------------------------------------------------------------------------- 1 1 1.1.1.1 514 info 0 local7 yes If the syslog trap has not been configured, this is a finding.

Fix Text (F-88260r1203414_fix)

Configure the Nokia router to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. When a log file "source" is set to "security", it will capture log modifications and deletions. These events are reported in real time through syslog and snmp traps. Configure syslog: - configure log syslog <syslog id> - address <syslog server ip address> - level <messages with severity level equal or higher to be reported- recommend warning> - prefix <prefix message that will show up for each log entry> - configure log log-id <log id> - from security - to <syslog-id > Configure snmpv3: Configure the snmpv3 access group: - configure system security snmp access group <group name> security -model usm security-level privacy read "iso" write "iso" notify "iso" The deletion of audit information is controlled through user privileges. Log files can be created to configure the snmpv3 user: - configure system security user <user name> - access console snmp - password <password> - group <group name> - authentication algorithm> <authen key> privacy <algorith> <privacy key> Configure the snmp trap log file: - configure log snmp-trp-group <log-id> - trap-target <name> address <ip address of server> snmpv3 notify-community <snmpv3 security name> security-level privacy - configure log log-id <id> - from security main change - to snmp