The Cisco ACI must generate log records for a locally developed list of auditable events.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-271944 | SRG-APP-000516-NDM-000334 | CACI-ND-000029 | SV-271944r1168370_rule | 2025-12-11 | 1 |
| Description |
|---|
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured Cisco ACI. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. |
| ℹ️ Check |
|---|
| Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the "Contracts" section within the tenant. 2. View the existing contracts: Tenants >> {{your_tenant}} >> Contracts >> {{your_contract}} to verify that log is enabled for each filter. If log is not enabled for each filter, this is a finding. |
| ✔️ Fix |
|---|
| Configure locally required events for auditing in compliance with the SSP: 1. Navigate to the "Contracts" section within the tenant. 2. View the existing contracts: Tenants >> {{your_tenant}} >> Contracts >> {{your_contract}}. 3. Check the directive to enable log for each filter. |
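
The check above can be run across every contract in a tenant at once by auditing an exported APIC REST reply. The following is an added example, not part of the STIG or of Cisco's tooling; it assumes the contract subject-to-filter bindings are exported as `vzRsSubjFiltAtt` objects carrying a comma-separated `directives` attribute, and the tenant, contract and filter names in the sample are constructed.

```python
import json

# Constructed sample (not real output): the shape of an APIC REST reply to
# GET /api/node/mo/uni/tn-ExampleTenant.json
#     ?query-target=subtree&target-subtree-class=vzRsSubjFiltAtt
def _binding(contract, subject, flt, directives):
    dn = f"uni/tn-ExampleTenant/brc-{contract}/subj-{subject}/rssubjFiltAtt-{flt}"
    return {"vzRsSubjFiltAtt": {"attributes": {
        "dn": dn, "tnVzFilterName": flt, "directives": directives}}}

SAMPLE_REPLY = json.dumps({"imdata": [
    _binding("web-to-db", "sql", "tcp-1433", "log"),
    _binding("web-to-db", "http", "tcp-80", ""),
    _binding("app-to-cache", "redis", "tcp-6379", "no_stats"),
    _binding("mgmt", "ssh", "tcp-22", "log,no_stats"),
]})


def filters_without_log(reply_text):
    """Return (contract, subject, filter) for every binding lacking 'log'."""
    findings = []
    for item in json.loads(reply_text).get("imdata", []):
        attrs = item.get("vzRsSubjFiltAtt", {}).get("attributes")
        if attrs is None:
            continue  # ignore any other object class in the reply
        # 'directives' is a comma-separated flag list; empty means none set.
        flags = {f.strip() for f in attrs.get("directives", "").split(",")}
        if "log" in flags:
            continue
        # DN components look like "<prefix>-<name>"; split on the first dash.
        rn = dict(p.split("-", 1) for p in attrs["dn"].split("/")[1:])
        findings.append((rn["brc"], rn["subj"], attrs["tnVzFilterName"]))
    return findings


if __name__ == "__main__":
    missing = filters_without_log(SAMPLE_REPLY)
    for contract, subject, flt in missing:
        print(f"FINDING contract={contract} subject={subject} filter={flt}")
    print("open finding" if missing else "not a finding")
```

Any tuple returned corresponds to a filter that would be a finding under the check; an empty list means every filter binding in the export has log enabled.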