STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019

Riverbed Optimization System (RiOS) must provide audit record generation capability for DoD-defined auditable events within the network device.

DISA Rule

SV-77423r1_rule

Vulnerability Number

V-62933

Group Title

SRG-APP-000089-NDM-000221

Rule Version

RICX-DM-000071

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to off-load audit records onto a different system than the system being audited.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Logging
Click on "Add a New Log Server"
Set "Server IP" to the IP address of the remote log server
Set "Minimum Severity" to Info
In the Per-Process Logging area, click Remote Selected if any of the filtered processes violate the capture of DoD-defined auditable events.
Click "Add"
Click "Apply"

Navigate to the top of the web page and click "Save" to save these settings permanently

Check Contents

Verify that RiOS is configured to off-load audit records (logs) onto a different system than the system being audited.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Logging
Verify that "Remote Log Servers" contains IP addresses for all available log servers

View "Per-Process Logging" section to see if a process or severity has been configured. Note: This only affects the system log, not the user type facilities.

If a filter has been added in "Per-Process Logging" which prevents the capture of DoD-defined auditable events, this is a finding.

If "Remote Log Servers" is empty and no remote log servers are configured, this is a finding.

Documentable

False

Severity Override Guidance

Verify that RiOS is configured to off-load audit records (logs) onto a different system than the system being audited.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Logging
Verify that "Remote Log Servers" contains IP addresses for all available log servers

View "Per-Process Logging" section to see if a process or severity has been configured. Note: This only affects the system log, not the user type facilities.

If a filter has been added in "Per-Process Logging" which prevents the capture of DoD-defined auditable events, this is a finding.

If "Remote Log Servers" is empty and no remote log servers are configured, this is a finding.

Check Content Reference

M

Target Key

2931
