CISC-ND-000980 – The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

Details

To ensure that network devices have a sufficient storage capacity in which to write the audit logs, they need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable.

The value for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, the frequency of transfer from the network device to centralized log servers, and other factors.

Solution

Configure the buffer size for logging as shown in the example below:

SW2(config)#logging buffered xxxxxxxx informational

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS_Switch_Y21M07_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Cisco.

References

800-53|AU-4
CAT|II
CCI|CCI-001849
Rule-ID|SV-220599r521267_rule
STIG-ID|CISC-ND-000980
STIG-Legacy|SV-110427
STIG-Legacy|V-101323
Vuln-ID|V-220599

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles