Free DISA STIG and SRG Library | Vaulted

V-73987

The Cisco IOS XE router must initiate session auditing upon startup.

Finding ID
CISR-ND-000026
Rule ID
SV-88661r2_rule
Severity
Cat III
CCE
(None)
Group Title
SRG-APP-000092-NDM-000224
CCI
CCI-001464
Target Key
(None)
Documentable
No
Discussion

If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

Fix Text

Enter the following commands to enable auditing. The configuration will look similar to the example below: logging userinfo login on-failure log login on-success log archive log config logging enable logging size 1000 notify syslog contenttype plaintext hidekeys

Check Content

Verify that logging is properly configured on the Cisco IOS XE router. The configuration will look similar to the example below: logging userinfo login on-failure log login on-success log archive log config logging enable logging size 1000 notify syslog contenttype plaintext hidekeys If logging is not configured, this is a finding.