V-215818
CAT IIThe Cisco router must produce audit records containing information to establish where the events occurred.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 1
Check Text
Review the deny statements in all interface ACLs to determine if the log-input parameter has been configured as shown in the example below.
Note: log-input can only apply to interface bound ACLs.
ip access-list extended BLOCK_INBOUND
deny icmp any any log-input
If the router is not configured with the log-input parameter after any deny statements to note where packets have been dropped via an ACL, this is a finding.
Fix Text
Configure the log-input parameter after any deny statements to provide the location as to where packets have been dropped via an ACL.
R1(config)#ip access-list extended BLOCK_INBOUND
R1(config-ext-nacl)#deny icmp any any log-input
STIG Reference
- STIG
- Cisco IOS XE Router NDM Security Technical Implementation Guide
- Version
- 3
- Release
- 7
- Rule ID
- SV-215818r960897_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl | Unassigned | 2026-01-14T12:57:25.013310 | View in Context |