CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - vpnfo

Information

Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event.

Solution

Configure the ASA to generate logs containing information to establish the identity of any individual or process associated with the event as shown in the example below.

ciscoasa(config)# logging class vpn trap notifications
ciscoasa(config)# logging class vpnc trap notifications
ciscoasa(config)# logging class vpnfo trap notifications
ciscoasa(config)# logging class webvpn trap notifications
ciscoasa(config)# logging class webfo trap notifications
ciscoasa(config)# logging class svc trap notifications
ciscoasa(config)# end

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_Y22M04_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CAT|II, CCI|CCI-001487, Rule-ID|SV-239971r666319_rule, STIG-ID|CASA-VN-000500, Vuln-ID|V-239971

Plugin: Cisco

Control ID: c8f6171f8a68d95f6c39347d151b949289a92d854f35937a7ee0f8388c7abf07