The Arista network device must be configured to capture all DOD auditable events.

An XCCDF Rule

Description

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

Satisfies: SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000516-NDM-000334, SRG-APP-000357-NDM-000293, SRG-APP-000360-NDM-000295, SRG-APP-000505-NDM-000322

ID: SV-255962r960891_rule
Version: ARST-ND-000790
Severity: Medium
Updated

Remediation Templates

A Manual Procedure

Configure a logging level sufficient to capture all DOD auditable events.

switch(config)#logging buffered informational
switch(config)#logging trap informational

NOTE: Acceptable settings are debugging, informational, and notifications; choose among them to adjust the traffic impact on the syslog server. Setting the level to a higher severity can cause necessary lower-level events to be missed.
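
The following check is an added example, not part of the STIG or of Arista's tooling: it audits saved `show running-config` text against the two commands and the acceptable levels above. It assumes levels are written as keywords, that an optional buffer size may precede the level on the buffered line, and (an audit choice made here) that a missing line is reported as a finding; the function name and sample configurations are constructed.

```python
import re

# Levels the NOTE on this page lists as acceptable.
ACCEPTABLE = {"notifications", "informational", "debugging"}
# Standard syslog severity keywords, most to least severe.
SEVERITIES = ("emergencies", "alerts", "critical", "errors", "warnings",
              "notifications", "informational", "debugging")
LINE_RE = re.compile(r"^\s*logging\s+(buffered|trap)\b(.*)$")


def audit_logging_levels(running_config):
    """Return {destination: (compliant, detail)} for buffered and trap logging."""
    found = {}
    for line in running_config.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        dest, rest = m.group(1), m.group(2).split()
        # Assumption: the level is a keyword and is the last token on the line
        # (an optional buffer size may precede it on the buffered line).
        last = rest[-1].lower() if rest else ""
        level = last if last in SEVERITIES else None
        if level or dest not in found:
            found[dest] = level  # a later explicit level overrides an earlier one

    results = {}
    for dest in ("buffered", "trap"):
        if dest not in found:
            results[dest] = (False, "no 'logging %s' line; level not set explicitly" % dest)
        elif found[dest] is None:
            results[dest] = (False, "no severity keyword on the line")
        elif found[dest] in ACCEPTABLE:
            results[dest] = (True, found[dest])
        else:
            results[dest] = (False, "%s misses lower-level events" % found[dest])
    return results


# Constructed sample configurations (not captured from a real device).
SAMPLE_OK = "hostname switch\nlogging buffered informational\nlogging trap informational\n"
SAMPLE_BAD = "hostname switch\nlogging buffered 10000 debugging\nlogging trap errors\n"

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_logging_levels(cfg))
```

A `False` result for either destination means the device should be reviewed against the manual procedure above.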