STIGQter: STIG Summary: F5 BIG-IP Device Management 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP appliance must be configured to off-load audit records onto a different system or media than the system being audited.

DISA Rule

SV-217418r557520_rule

Vulnerability Number

V-217418

Group Title

SRG-APP-000515-NDM-000325

Rule Version

F5BI-DM-000257

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure the BIG-IP appliance to off-load audit records onto a different system or media than the system being audited.

Check Contents

Verify the BIG-IP appliance is configured to off-load audit records onto a different system or media than the system being audited.

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a syslog destination is configured that off-loads audit records from the BIG-IP appliance that is different from the system being audited.

If BIG-IP appliance is not configured to off-load audit records onto a different system or media, this is a finding.

Vulnerability Number

V-217418

Documentable

False

Rule Version

F5BI-DM-000257

Severity Override Guidance

Verify the BIG-IP appliance is configured to off-load audit records onto a different system or media than the system being audited.

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a syslog destination is configured that off-loads audit records from the BIG-IP appliance that is different from the system being audited.

If BIG-IP appliance is not configured to off-load audit records onto a different system or media, this is a finding.

Check Content Reference

M

Target Key

4036

Comments