STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must provide audit record generation capability for DoD-defined auditable events within DataPower.

DISA Rule

SV-79559r1_rule

Vulnerability Number

V-65069

Group Title

SRG-APP-000089-NDM-000221

Rule Version

WSDP-NM-000022

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Privileged account user logon to default domain

In the search field, enter “Log Target”.

From the search results, click “Log Target”.

Click “Add”.

Name: enter the name of the log target (e.g., targetDodEvents)
Target Type: File
Log Format: XML
Timestamp format: Syslog
Destination Configuration: File Name: logstore:///dodEvents.log
Log Size: 1024
Archive Mode: Rotate
Number of Rotations: 6

Click on the “Event Filters” Tab.

Event Subscription Filter, click “Select Code”; select an Event Code from the list in the popup window.

Click the “Add” button. Repeat the process until all desired event codes have been added.

Click “Apply” to save the changes to the running configuration.

Click “Save Configuration” to save the changes to the persisted configuration.

Check Contents

Control Panel >> View Logs

Select “DOD-EventsLog” from the drop-down list at the top of the page. If the log is empty, this is a finding.

Vulnerability Number

V-65069

Documentable

False

Rule Version

WSDP-NM-000022

Severity Override Guidance

Control Panel >> View Logs

Select “DOD-EventsLog” from the drop-down list at the top of the page. If the log is empty, this is a finding.

Check Content Reference

M

Target Key

2861

Comments