STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

DISA Rule

SV-79573r1_rule

Vulnerability Number

V-65083

Group Title

SRG-APP-000125-NDM-000241

Rule Version

WSDP-NM-000042

Severity

CAT III

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Type “Log Target” in the Search field >> Log target >> Event Subscription tab >> Add >> Event Category “audit” >> Minimum Event Priority event priority level >> Apply >> Apply >> Save Configuration.

If the only log target is “default-log”: Type “Log Target” in the Search field >> Log target >> Main tab >> Target Type “syslog” >> syslog Facility facility >> Local Identifier identifier >> Remote Host hostname.

Check Contents

Type “Log Target” in the Search field >> Log target >> Event Subscription tab.

If “audit” in not listed under Event Category, this is a finding.

If “Rule Action” does not contain a “Filter” action, this is a finding.

Vulnerability Number

V-65083

Documentable

False

Rule Version

WSDP-NM-000042

Severity Override Guidance

Type “Log Target” in the Search field >> Log target >> Event Subscription tab.

If “audit” in not listed under Event Category, this is a finding.

If “Rule Action” does not contain a “Filter” action, this is a finding.

Check Content Reference

M

Target Key

2861

Comments