The Cisco ACI must generate log records for a locally developed list of auditable events.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-271944 | SRG-APP-000516-NDM-000334 | CACI-ND-000029 | SV-271944r1113846_rule | 2025-06-13 | 1 |
| Description |
|---|
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. |
| ℹ️ Check |
|---|
| Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the Contracts section within the tenant. 2. Within the filter directives, select "Log" to enable logging for permit or deny actions on that filter. If locally required events that require auditing are not set to log, this is a finding. |
| ✔️ Fix |
|---|
| Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the "Contracts" section within the tenant. 2. Within the filter directives, verify the "Log" is enabled for permit or deny actions on that filter. |