STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 24 Oct 2017

The DataPower Gateway must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near-real-time.

DISA Rule

SV-79631r1_rule

Vulnerability Number

V-65141

Group Title

SRG-APP-000353-NDM-000292

Rule Version

WSDP-NM-000094

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the following near real-time auditing capabilities:

1. Subscriptions to the DataPower audit logs and associated event categories and Minimum Event Priority.

Set log targets and Event Subscription. Using the web interface, go to Objects >> Logging Configuration >> Log Target. Add an audit log target. View the Event Subscriptions tab to set audit log subscription Event Priority level.

2. SNMP trap event subscriptions to audit log events.

SNMP Settings. Using the web interface, go to Administration >> Access >> SNMP Settings, Trap Event Subscriptions tab. Add audit log event codes to the SNMP notification configuration.

3. Audit levels.

Using the web interface, go to Objects >> Logging Configuration >> Audit Log Settings. Set the Audit Level to the desired level (standard or full).

Check Contents

View the following three auditing configuration capabilities:

Verify existing log targets and Event Subscriptions. Using the web interface, go to Objects >> Logging Configuration >> Log Target. View the Event Subscriptions tab to verify audit log subscription Event Priority levels.

SNMP Settings. Using the web interface, go to Administration >> Access >> SNMP Settings, Trap Event Subscriptions tab. View the Event Subscriptions tab to verify audit log subscription Event Priority levels.

Audit log settings. Using the web interface, go to Objects >> Logging Configuration >> Audit Log Settings. Verify that the Audit Level is set to full. If it is not, this is a finding.

Documentable

False

Severity Override Guidance

View the following three auditing configuration capabilities:

Verify existing log targets and Event Subscriptions. Using the web interface, go to Objects >> Logging Configuration >> Log Target. View the Event Subscriptions tab to verify audit log subscription Event Priority levels.

SNMP Settings. Using the web interface, go to Administration >> Access >> SNMP Settings, Trap Event Subscriptions tab. View the Event Subscriptions tab to verify audit log subscription Event Priority levels.

Audit log settings. Using the web interface, go to Objects >> Logging Configuration >> Audit Log Settings. Verify that the Audit Level is set to full. If it is not, this is a finding.

Check Content Reference

M

Target Key

2861