STIGQter: STIG Summary: F5 BIG-IP Advanced Firewall Manager 11.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 29 May 2015:

The BIG-IP AFM module must be configured to produce audit records containing information to establish what type of events occurred.

DISA Rule

SV-74353r1_rule

Vulnerability Number

V-59923

Group Title

SRG-NET-000074-ALG-000043

Rule Version

F5BI-AF-000039

Severity

CAT II

CCI(s)

• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.

Weight

10

Fix Recommendation

Configure the BIG-IP AFM module to produce audit records containing information to establish what type of events occurred.

Navigate to the BIG-IP System manager >> Security >> Event Logs >> Logging Profiles.

Click on 'Create'.

Name the Profile.

Check the box next to 'Network Firewall'.

Configure settings to log required information.

Click 'Finished'.

Check Contents

Verify the BIG-IP AFM module is configured to produce audit records containing information to establish what type of events occurred.

Navigate to the BIG-IP System manager >> Security >> Event Logs >> Logging Profiles.

Verify list of Profiles 'Enabled' for 'Network Firewall'.

If the BIG-IP AFM module does not produce audit records containing information to establish what type of events occurred, this is a finding.

Vulnerability Number

V-59923

Documentable

False

Rule Version

F5BI-AF-000039

Severity Override Guidance

Verify the BIG-IP AFM module is configured to produce audit records containing information to establish what type of events occurred.

Navigate to the BIG-IP System manager >> Security >> Event Logs >> Logging Profiles.

Verify list of Profiles 'Enabled' for 'Network Firewall'.

If the BIG-IP AFM module does not produce audit records containing information to establish what type of events occurred, this is a finding.

Check Content Reference

M

Target Key

2839

Comments