STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be logged.

DISA Rule

SV-77425r1_rule

Vulnerability Number

V-62935

Group Title

SRG-APP-000090-NDM-000222

Rule Version

RICX-DM-000072

Severity

CAT II

CCI(s)

• CCI-000171 - The information system allows organization-defined personnel or roles to select which auditable events are to be audited by specific components of the information system.

Weight

10

Fix Recommendation

Configure RiOS permission for auditable events.

Navigate to the device Management Console, then
Navigate to:
Configure >> Security >> User Permissions

Select the user
For "Basic Diagnostics", "TCP Dumps", "Reports". Click the "Deny" attribute

Click "Save" to save these settings permanently

Check Contents

Verify that RiOS restricts permission to select auditable event to authorized administrators.

Navigate to the device Management Console
Navigate to:
Configure >> Security >> User Permissions

Verify the "Deny" attribute is selected for "Basic Diagnostics", "TCP Dumps", "Reports" permissions

If the "Deny" attribute is not set for users who are not authorized access to configure auditable events, this is a finding.

Vulnerability Number

V-62935

Documentable

False

Rule Version

RICX-DM-000072

Severity Override Guidance

Verify that RiOS restricts permission to select auditable event to authorized administrators.

Navigate to the device Management Console
Navigate to:
Configure >> Security >> User Permissions

Verify the "Deny" attribute is selected for "Basic Diagnostics", "TCP Dumps", "Reports" permissions

If the "Deny" attribute is not set for users who are not authorized access to configure auditable events, this is a finding.

Check Content Reference

M

Target Key

2931

Comments