STIGQter: STIG Summary: F5 BIG-IP Device Management 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP appliance must be configured to use NIAP evaluated cryptographic mechanisms to protect the integrity of audit information at rest.

DISA Rule

SV-228987r557520_rule

Vulnerability Number

V-228987

Group Title

SRG-APP-000516-NDM-000317

Rule Version

F5BI-DM-000087

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-001350 - The information system implements cryptographic mechanisms to protect the integrity of audit information.

Weight

Fix Recommendation

Configure the BIG-IP appliance to off-load audit information to a system that uses NIAP evaluated cryptographic mechanisms to protect the integrity of audit information at rest.

Check Contents

Verify the BIG-IP appliance is configured to off-load audit information to a logging system that uses NIAP evaluated cryptographic mechanisms to protect the integrity of audit information at rest.

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a syslog destination is configured that uses NIAP evaluated cryptographic mechanisms to protect the integrity of audit information at rest.

If the BIG-IP appliance does not off-load audit information to a remote logging system that uses NIAP evaluated cryptographic mechanisms to protect the integrity of audit information at rest, this is a finding.

The BIG-IP appliance must be configured to use NIAP evaluated cryptographic mechanisms to protect the integrity of audit information at rest.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments