STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

DISA Rule

SV-79601r1_rule

Vulnerability Number

V-65111

Group Title

SRG-APP-000268-NDM-000274

Rule Version

WSDP-NM-000076

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001328 - The organization, if an information system component failure is detected, activates an organization-defined alarm and/or automatically shuts down the information system.

Weight

10

Fix Recommendation

From the DataPower command line, enter "failure-notification" to configure DataPower to generate failure notifications.

With failure notification enabled, you can send an error report to a designated recipient or upload to a specific location after the appliance returns to service from an unscheduled outage.

This error report can contain diagnostic details. Intrusion detection will provide a warning and restart in Fail-Safe mode.

Check Contents

From the DataPower command line, enter "failure-notification", then enter "show failure-notification". If it is "disabled", this is a finding. This capability is enabled by default.

Vulnerability Number

V-65111

Documentable

False

Rule Version

WSDP-NM-000076

Severity Override Guidance

From the DataPower command line, enter "failure-notification", then enter "show failure-notification". If it is "disabled", this is a finding. This capability is enabled by default.

Check Content Reference

M

Target Key

2861

Comments