The Arista network device must be configured to capture all DOD auditable events.

An XCCDF Rule

Description

<VulnDiscussion>Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. Satisfies: SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000516-NDM-000334, SRG-APP-000357-NDM-000293, SRG-APP-000360-NDM-000295, SRG-APP-000505-NDM-000322</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-255962r960891_rule
Severity: Medium
References: CCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000169 CCI-000172 CCI-001487 CCI-001849 CCI-001858
Updated: 17 days ago

Configure a logging level sufficient to capture all DOD auditable events.

switch(config)#logging buffered informational
switch(config)#logging trap informational

NOTE: Acceptable settings include debugging, informational, and notifications to adjust syslog server traffic impact. Setting to higher severity levels can cause necessary lower-level events to be missed.

The Arista network device must be configured to capture all DOD auditable events.

Description

Remediation - Manual Procedure