| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-215818 | CAT II | MONTPOINTGTWYRTR | Cisco IOS XE Router NDM Security Technic... | The Cisco router must produce audit records contai... | - | |||
Check TextReview the deny statements in all interface ACLs to determine if the log-input parameter has been configured as shown in the example below. Note: log-input can only apply to interface bound ACLs. ip access-list extended BLOCK_INBOUND deny icmp any any log-input If the router is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding. Fix TextConfigure the log-input parameter after any deny statements to provide the location as to where packets have been dropped via an ACL. R1(config)#ip access-list extended BLOCK_INBOUND R1(config-ext-nacl)#deny icmp any any log-input Finding DetailsEvaluate-STIG 1.2507.5 (Scan-CiscoXERouterNDM_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 949FD62A829175C2132E70DF0486F90EB24C9A8A ~~~~~ All 'deny' statements are configured to log.
Source: _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl
Scan Date: 2026-01-14T12:57:25.013310
Technology Area: Internal Network
|
||||||||