STIGQter STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017: The DataPower Gateway must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.

DISA Rule

SV-79563r1_rule

Vulnerability Number

V-65073

Group Title

SRG-APP-000108-NDM-000232

Rule Version

WSDP-NM-000033

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

A Log Target can be configured to generate notifications (e.g., SNMP, SMTP) in the event that any of these event codes are detected.

Privileged account user log on to default domain >> Administration >> Miscellaneous >> "Manage Log Targets" >> Click the "Add" button >> Name: "SystemResourcesLog” >> Target Type: Select the desired notification mechanism (e.g., SMTP) >> Configure the SMTP server, providing the requested information; Log Format: “text” >> Fixed Format: off >> Rate Limit: “100” >> Feedback Detection: on >> Identical Event Detection: off >> Click the "Event Filters" tab >> Under "Event Subscriptions", add the following event codes: 0x00330034, 0x01a40001, 0x01a30002, 0x01a30003, 0x01a40005, 0x01a30006, 0x01a30014, 0x01a30015, 0x01a30017 >> Click the "Apply" button >> Click "Save Configuration".

Check Contents

Administration >> Miscellaneous >> "Manage Log Targets" >> Click the appropriate log target (e.g., "SystemResourcesLog") >> Click the "Event Filters" tab >> Confirm subscriptions to the following event codes: 0x00330034, 0x01a40001, 0x01a30002, 0x01a30003, 0x01a40005, 0x01a30006, 0x01a30014, 0x01a30015, 0x01a30017. If any of these codes are not subscribed to, this is a finding.

Vulnerability Number

V-65073

Documentable

False

Rule Version

WSDP-NM-000033

Severity Override Guidance

Administration >> Miscellaneous >> "Manage Log Targets" >> Click the appropriate log target (e.g., "SystemResourcesLog") >> Click the "Event Filters" tab >> Confirm subscriptions to the following event codes: 0x00330034, 0x01a40001, 0x01a30002, 0x01a30003, 0x01a40005, 0x01a30006, 0x01a30014, 0x01a30015, 0x01a30017. If any of these codes are not subscribed to, this is a finding.

Check Content Reference

M

Target Key

2861

Comments