STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must automatically audit account enabling actions.

DISA Rule

SV-79617r1_rule

Vulnerability Number

V-65127

Group Title

SRG-APP-000319-NDM-000283

Rule Version

WSDP-NM-000085

Severity

CAT II

CCI(s)

• CCI-002130 - The information system automatically audits account enabling actions.

Weight

10

Fix Recommendation

Configure a comprehensive audit trail by turning on the audit log using the web interface (Objects >> Logging Configuration >> Audit Log Settings) then setting the desired level of logging detail for audit-events.

Check Contents

View the logging settings: Objects >> Logging Configuration >> Audit Log Settings. Then examine the audit log after enabling or disabling an account (the most recent entry will be at the bottom of the log).

If this message is not present, this is a finding.

Vulnerability Number

V-65127

Documentable

False

Rule Version

WSDP-NM-000085

Severity Override Guidance

View the logging settings: Objects >> Logging Configuration >> Audit Log Settings. Then examine the audit log after enabling or disabling an account (the most recent entry will be at the bottom of the log).

If this message is not present, this is a finding.

Check Content Reference

M

Target Key

2861

Comments