
Dynamic Host Configuration Protocol (DHCP) audit and event logs must record sufficient forensic data to be stored online for thirty days and offline for one year.

An XCCDF Rule

Description

To identify and combat IP address spoofing, it is highly recommended that the DHCP server log MAC addresses and hostnames, in addition to standard data such as IP address and date/time.

ID: SV-251361r853649_rule
Version: NET0198
Severity: Medium

Remediation Templates

A Manual Procedure

Configure the DHCP audit and event logs to log hostname and MAC addresses, in addition to IP address and date/time.

Store the logs for a minimum of thirty days online and then offline for one year.
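One way to audit an existing log against this rule, as an added example that is not part of the rule text: the script parses lease acknowledgements, reports entries missing any of the four required fields, checks that online records reach back thirty days, and shows the IP-to-MAC correlation that the logged data makes possible. It assumes ISC dhcpd-style syslog lines with ISO 8601 timestamps; the function names and the sample log are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: ISC dhcpd syslog output with
# ISO 8601 timestamps; the hostname appears in parentheses only when logged.
SAMPLE_LOG = """\
2024-03-01T08:15:02 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.15 to 00:1a:2b:3c:4d:5e (ws-finance-07) via eth0
2024-03-14T11:40:19 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.31 to 00:1a:2b:aa:bb:cc via eth0
2024-03-14T11:52:47 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.15 to 00:1a:2b:99:88:77 (ws-lab-02) via eth0
2024-03-31T09:05:44 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.31 to 00:1a:2b:aa:bb:cc (prn-2f-east) via eth0
"""

ACK = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+dhcpd\[\d+\]:\s+DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r" to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \((?P<host>[^)]+)\))? via \S+$",
    re.IGNORECASE)

def parse_leases(text):
    """Return one dict per DHCPACK line: ts, ip, mac, host (None if absent)."""
    records = []
    for line in text.splitlines():
        m = ACK.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            records.append(rec)
    return records

def missing_fields(records):
    """Entries lacking any of date/time, IP address, MAC address or hostname."""
    return [r for r in records if not all(r[k] for k in ("ts", "ip", "mac", "host"))]

def online_retention_ok(records, now, days=30):
    """True when the oldest record still online is at least `days` old."""
    return bool(records) and now - min(r["ts"] for r in records) >= timedelta(days=days)

def ip_to_macs(records):
    """IPs acknowledged to more than one MAC; a starting point for spoofing review."""
    seen = {}
    for r in records:
        seen.setdefault(r["ip"], set()).add(r["mac"].lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

if __name__ == "__main__":
    recs = parse_leases(SAMPLE_LOG)
    print("missing fields:", [(r["ip"], r["mac"]) for r in missing_fields(recs)])
    print("30 days online:", online_retention_ok(recs, datetime(2024, 3, 31, 12, 0, 0)))
    print("IPs with several MACs:", ip_to_macs(recs))
```

The retention check only confirms that thirty days of history are present online; a server in service for less than thirty days will fail it, and the one-year offline copy has to be verified separately.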