STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco IOS Router NDM Security Technical Implementation Guide

V-215670

CAT II (Medium)

The Cisco device must be configured to audit all administrator activity.

Rule ID

SV-215670r1205833_rule

STIG

Cisco IOS Router NDM Security Technical Implementation Guide

Version

V3R8

CCIs

CCI-000166CCI-002234CCI-000172CCI-002130CCI-000135CCI-001405CCI-001404CCI-001403CCI-000018

Discussion

This requirement supports nonrepudiation of actions taken by an administrator and is required to maintain the integrity of the configuration management process. All configuration changes to the network device are logged, and administrators authenticate with two-factor authentication before gaining administrative access. Together, these processes will ensure the administrators can be held accountable for the configuration changes they implement. To meet this requirement, the network device must log administrator access and activity.

Check Content

Review the Cisco router configuration to verify that it is compliant with this requirement as shown in the example below.

hostname R1
!
logging userinfo
!
…
…
…
archive
 log config
 logging enable
 logging size 1000
 notify syslog contenttype plaintext
 hidekeys
!

Note: The logging userinfo global configuration command will generate a log when a user increases their privilege level.

If logging of administrator activity is not configured, this is a finding.

Fix Text

Configure the router to log administrator activity as shown in the example below.

R1(config)#logging userinfo
R1(config)#archive
R1(config-archive)#log config
R1(config-archive-log-cfg)#logging enable
R1(config-archive-log-cfg)#logging size 1000
R1(config-archive-log-cfg)#notify syslog contenttype plaintext
R1(config-archive-log-cfg)#hidekeys
R1(config-archive-log-cfg)#end