STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016

The DataPower Gateway must off-load audit records onto a centralized log server in real time.

DISA Rule

SV-79805r1_rule

Vulnerability Number

V-65315

Group Title

SRG-NET-000511-ALG-000051

Rule Version

WSDP-AG-000140

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Type “Log Target” in the Search field >> Log target >> Event Subscription tab >> Add >> Event Category “audit” >> Minimum Event Priority <event priority level> >> Apply >> Apply >> Save Configuration.

If the only log target is “default-log”: Type “Log Target” in the Search field >> Log target >> Main tab >> Target Type “syslog” >> syslog Facility <facility> >> Local Identifier <identifier> >> Remote Host <hostname>.

Check Contents

Search Bar “Log Target” >> Log target >> Event Subscription tab.

If “audit” is not listed under Event Category, this is a finding.

If “Rule Action” does not contain a “Filter” action, this is a finding.

Documentable

False

Severity Override Guidance

Search Bar “Log Target” >> Log target >> Event Subscription tab.

If “audit” is not listed under Event Category, this is a finding.

If “Rule Action” does not contain a “Filter” action, this is a finding.

Check Content Reference

M

Target Key

2859

Comments