Detections
Analytics

DISA STIG Cisco ASA NDM v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Cisco ASA NDM v1r1

Updated: 5/31/2023

Authority: DISA STIG

Plugin: Cisco

Revision: 1.6

Estimated Item Count: 95

Audit Changelog

Ā 
Revision 1.6

May 31, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.5

May 11, 2023

Functional Update
  • CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging trap
Revision 1.4

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
  • Variables updated.
Revision 1.3

Dec 7, 2022

Miscellaneous
  • Metadata updated.
Revision 1.2

Jun 10, 2022

Informational Update
  • CASA-ND-000010 - The Cisco ASA must be configured to limit the number of concurrent management sessions to an organization-defined number.
  • CASA-ND-000140 - The Cisco ASA must be configured to enforce approved authorizations for controlling the flow of management information within the Cisco ASA based on information flow control policies.
  • CASA-ND-000160 - The Cisco ASA must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
  • CASA-ND-000270 - The Cisco ASA must be configured to produce audit records containing information to establish when (date and time) the events occurred.
  • CASA-ND-000490 - The Cisco ASA must be configured to enforce a minimum 15-character password length.
  • CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.
  • CASA-ND-000530 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one lowercase character be used.
  • CASA-ND-000550 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one numeric character be used.
  • CASA-ND-000570 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one special character be used.
  • CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
  • CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
  • CASA-ND-000970 - The Cisco ASA must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
  • CASA-ND-000980 - The Cisco ASA must be configured to record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
  • CASA-ND-001350 - The Cisco ASA must be configured to conduct backups of system-level information contained in the information system when changes occur.
  • CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
  • CASA-ND-001420 - The Cisco ASA must be running an operating system release that is currently supported by Cisco Systems.
Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • See also link updated.
Added
  • CASA-ND-000090 - The Cisco ASA must be configured to automatically audit account creation - Buffer Enabled
  • CASA-ND-000090 - The Cisco ASA must be configured to automatically audit account creation - logging enable
  • CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification - Buffer Enabled
  • CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification - logging enabled
  • CASA-ND-000110 - The Cisco ASA must be configured to automatically audit account disabling actions - Buffer Enabled
  • CASA-ND-000110 - The Cisco ASA must be configured to automatically audit account disabling actions - logging enabled
  • CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions - Buffer Enabled
  • CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions - logging enabled
  • CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - buffered informational
  • CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - logging enable
  • CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur - buffered informational
  • CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur - logging enable
  • CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred - buffered informational
  • CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred - logging enable
  • CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred - buffered informational
  • CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred - logging enable
  • CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events - buffered informational
  • CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events - logging enable
  • CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event - buffered informational
  • CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event - logging enable
  • CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands - buffered informational
  • CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands - logging enable
  • CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services - HTTP
  • CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services - Telnet
  • CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - serial
  • CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - ssh
  • CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - username
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabled
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipher
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchange
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh version
  • CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements - console timeout
  • CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements - http server
  • CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions - Buffer Enabled
  • CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions - logging enabled
  • CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements - maximum
  • CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements - minimum
  • CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging host
  • CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging trap
  • CASA-ND-000940 - The Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources - ntp server
  • CASA-ND-000940 - The Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources - ntp server prefer
  • CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) - group
  • CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) - host
  • CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) - user
  • CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm - group
  • CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm - host
  • CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm - user
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - md5
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp authenticate
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp server
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp server prefer
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp trusted-key
  • CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications - group
  • CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications - host
  • CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications - user
  • CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions - ssh cipher
  • CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions - ssh key-exchange
  • CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of Denial of Service (DoS) attacks by enabling the Threat Detection feature
  • CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur - logging buffered
  • CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur - logging enabled
  • CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur - logging buffered
  • CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur - logging enabled
  • CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur - logging buffered
  • CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur - logging enabled
  • CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access - logging buffered
  • CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access - logging enabled
  • CASA-ND-001240 - The Cisco ASA must be configured to generate audit records showing starting and ending time for administrator access to the system - logging buffered
  • CASA-ND-001240 - The Cisco ASA must be configured to generate audit records showing starting and ending time for administrator access to the system - logging enabled
  • CASA-ND-001250 - The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur - logging buffered
  • CASA-ND-001250 - The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur - logging enabled
  • CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging host
  • CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging trap
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access - protocol
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access - radius group
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access - serial console
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access - ssh console
  • CASA-ND-001410 - The Cisco ASA must be configured to send log data to a central log server for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging host
  • CASA-ND-001410 - The Cisco ASA must be configured to send log data to a central log server for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging trap
  • DISA_STIG_Cisco_ASA_NDM_v1r1.audit from DISA Cisco ASA NDM v1r1 STIG
Removed
  • CASA-ND-000090 - The Cisco ASA must be configured to automatically audit account creation. - Buffer Enabled
  • CASA-ND-000090 - The Cisco ASA must be configured to automatically audit account creation. - logging enable
  • CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification. - Buffer Enabled
  • CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification. - logging enabled
  • CASA-ND-000110 - The Cisco ASA must be configured to automatically audit account disabling actions. - Buffer Enabled
  • CASA-ND-000110 - The Cisco ASA must be configured to automatically audit account disabling actions. - logging enabled
  • CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions. - Buffer Enabled
  • CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions. - logging enabled
  • CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. - buffered informational
  • CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. - logging enable
  • CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur. - buffered informational
  • CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur. - logging enable
  • CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred. - buffered informational
  • CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred. - logging enable
  • CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred. - buffered informational
  • CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred. - logging enable
  • CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events. - buffered informational
  • CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events. - logging enable
  • CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event. - buffered informational
  • CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event. - logging enable
  • CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands. - buffered informational
  • CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands. - logging enable
  • CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. - HTTP
  • CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. - Telnet
  • CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. - serial
  • CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. - ssh
  • CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. - username
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. - fips enabled
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. - ssh cipher
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. - ssh key-exchange
  • CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. - ssh version
  • CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. - console timeout
  • CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. - http server
  • CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions. - Buffer Enabled
  • CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions. - logging enabled
  • CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. - maximum
  • CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. - minimum
  • CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts. - logging host
  • CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts. - logging trap
  • CASA-ND-000940 - The Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. - ntp server
  • CASA-ND-000940 - The Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. - ntp server prefer
  • CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). - group
  • CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). - host
  • CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). - user
  • CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm. - group
  • CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm. - host
  • CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm. - user
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based. - md5
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based. - ntp authenticate
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based. - ntp server
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based. - ntp server prefer
  • CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based. - ntp trusted-key
  • CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications. - group
  • CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications. - host
  • CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications. - user
  • CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. - ssh cipher
  • CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. - ssh key-exchange
  • CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of Denial of Service (DoS) attacks by enabling the Threat Detection feature.
  • CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. - logging buffered
  • CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. - logging enabled
  • CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. - logging buffered
  • CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. - logging enabled
  • CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur. - logging buffered
  • CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur. - logging enabled
  • CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access. - logging buffered
  • CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access. - logging enabled
  • CASA-ND-001240 - The Cisco ASA must be configured to generate audit records showing starting and ending time for administrator access to the system. - logging buffered
  • CASA-ND-001240 - The Cisco ASA must be configured to generate audit records showing starting and ending time for administrator access to the system. - logging enabled
  • CASA-ND-001250 - The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur. - logging buffered
  • CASA-ND-001250 - The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur. - logging enabled
  • CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited. - logging host
  • CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited. - logging trap
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access. - protocol
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access. - radius group
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access. - serial console
  • CASA-ND-001310 - The Cisco ASA must be configured to use an authentication server to authenticate users prior to granting administrative access. - ssh console
  • CASA-ND-001410 - The Cisco ASA must be configured to send log data to a central log server for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator. - logging host
  • CASA-ND-001410 - The Cisco ASA must be configured to send log data to a central log server for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator. - logging trap
  • DISA_STIG_Cisco_ASA_NDM_v1r1.audit from DISA Cisco ASA v1r1 STIG
Revision 1.1

Apr 25, 2022

Miscellaneous
  • Metadata updated.
  • References updated.