STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Network Infrastructure Policy Security Technical Implementation Guide

V-251361

CAT II (Medium)

Dynamic Host Configuration Protocol (DHCP) audit and event logs must record sufficient forensic data to be stored online for thirty days and offline for one year.

Rule ID

SV-251361r853649_rule

STIG

Network Infrastructure Policy Security Technical Implementation Guide

Version

V10R7

CCIs

CCI-001902

Discussion

In order to identify and combat IP address spoofing, it is highly recommended that the DHCP server logs MAC addresses and hostnames on the DHCP server, in addition to standard data such as IP address and date/time.

Check Content

Verify the DHCP audit and event logs include hostnames and MAC addresses of all clients, in addition to IP address and date/time.  Also, validate logs are kept online for thirty days and offline for one year.

If the logs do not include hostnames and MAC addresses along with the IP address and date/time, or if the logs are not kept online for thirty days and offline for one year, this is a finding.

Fix Text

Configure the DHCP audit and event logs to log hostname and MAC addresses, in addition to IP address and date/time.

Store the logs for a minimum of thirty days online and then offline for one year.