STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

In the event of a system failure of the DataPower Gateway function, the DataPower Gateway must save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.

DISA Rule

SV-79729r1_rule

Vulnerability Number

V-65239

Group Title

SRG-NET-000236-ALG-000119

Rule Version

WSDP-AG-000054

Severity

CAT II

CCI(s)

• CCI-001665 - The information system preserves organization-defined system state information in the event of a system failure.

Weight

10

Fix Recommendation

By default, the DataPower Gateway, in the event of a system failure, saves diagnostic information, logs system messages, and loads the most current security policies, rules, and signatures when restarted and reverts to Failsafe Mode

In addition, the DataPower Gateway supports the configuration of optional failure notification functions. These include the following: upload error report, include internal state, background packet capture, background log capture, and background memory trace.

To configure these additional functions, use the WebGUI at Administration >> Device >> Failure Notification. Select the capabilities desired.

Check Contents

Verify that all desired optional failure notification functions are configured by going to the WebGUI at Administration >> Device >> Failure Notification.

If this is not configured, this is a finding.

Vulnerability Number

V-65239

Documentable

False

Rule Version

WSDP-AG-000054

Severity Override Guidance

Verify that all desired optional failure notification functions are configured by going to the WebGUI at Administration >> Device >> Failure Notification.

If this is not configured, this is a finding.

Check Content Reference

M

Target Key

2859

Comments