STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.

DISA Rule

SV-77347r1_rule

Vulnerability Number

V-62857

Group Title

SRG-APP-000343-NDM-000289

Rule Version

RICX-DM-000023

Severity

CAT III

CCI(s)

• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

Since all commands on the device are privileged commands, the following command ensures execution of commands are sent to the Syslog Server.

Navigate to the Device Management Console
Navigate to Configure >> System Settings >> Logging

Under "Remote Log Servers", click "Add a New Log Server"
Enter the server IP address

Under Logging Configurations >> Minimum Severity, select "Info"

Click "Add"

Add an IP and Minimum Severity level for the backup Syslog server.

Check Contents

Verify the device generates a log event when commands are executed.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Logging

Under Logging Configurations, verify Minimum Severity is set to Info

If the Standard Mandatory DoD Notice and Consent Banner does not exist on this page, this is a finding.

Vulnerability Number

V-62857

Documentable

False

Rule Version

RICX-DM-000023

Severity Override Guidance

Verify the device generates a log event when commands are executed.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Logging

Under Logging Configurations, verify Minimum Severity is set to Info

If the Standard Mandatory DoD Notice and Consent Banner does not exist on this page, this is a finding.

Check Content Reference

M

Target Key

2931

Comments