Dynamic Host Configuration Protocol (DHCP) audit and event logs must record hostnames and MAC addresses to be stored online for thirty days and offline for one year.

From Network Infrastructure Policy Security Technical Implementation Guide

Part of DHCP audit and event logs and info collected.

Associated with: CCI-001902

SV-8585r3_rule Dynamic Host Configuration Protocol (DHCP) audit and event logs must record hostnames and MAC addresses to be stored online for thirty days and offline for one year.

Vulnerability discussion

In order to identify and combat IP address spoofing, it is highly recommended that the DHCP server logs MAC addresses and hostnames on the DHCP server.

Check content

Verify the DHCP audit and event logs include hostnames and MAC addresses of all clients. Also, validate logs are kept online for thirty days and offline for one year. If the logs do not include hostnames and MAC addresses or if the logs are not kept online for thirty days and offline for one year, this is a finding.

Fix text

Configure the DHCP audit and event logs to log hostname and MAC addresses. Store the logs for a minimum of thirty days online and then offline for one year.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.