STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when local accounts are created.

DISA Rule

SV-77337r2_rule

Vulnerability Number

V-62847

Group Title

SRG-APP-000291-NDM-000275

Rule Version

RICX-DM-000011

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to capture an SNMP trap for user creation events that can be sent to the ISSO and designated administrators by the SNMP server.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Email

Enter an SMTP Server name
Enter n SMTP Port number
Check "Report Events via Email" and enter at least one email address
Check "Report Failures via Email" and enter at least one email address

Check Contents

Verify that RiOS captures an SNMP trap for user creation events that can be sent to the ISSO and designated administrators by the SNMP server.
Navigate to the device Management Console
Navigate to Configure >> System Settings >> Email

Verify that an SMTP Server is defined
Verify that an SMTP Port is defined
Verify that "Report Events via Email" is checked and that at least one email address is defined
Verify that "Report Failures via Email" is checked and that at least one email address is defined

If an email for the ISSO and the system administrator accounts are not defined, this is a finding.

Vulnerability Number

V-62847

Documentable

False

Rule Version

RICX-DM-000011

Severity Override Guidance

Verify that RiOS captures an SNMP trap for user creation events that can be sent to the ISSO and designated administrators by the SNMP server.
Navigate to the device Management Console
Navigate to Configure >> System Settings >> Email

Verify that an SMTP Server is defined
Verify that an SMTP Port is defined
Verify that "Report Events via Email" is checked and that at least one email address is defined
Verify that "Report Failures via Email" is checked and that at least one email address is defined

If an email for the ISSO and the system administrator accounts are not defined, this is a finding.

Check Content Reference

M

Target Key

2931

Comments