STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must off-load audit records onto a different system or media than the system being audited.

DISA Rule

SV-79661r1_rule

Vulnerability Number

V-65171

Group Title

SRG-APP-000515-NDM-000325

Rule Version

WSDP-NM-000128

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Use the CLI copy command. Syntax: copy -f sourceURL destinationURL
-f is an optional switch that forces an unconditional copy. Example: xi52(config)# copy audit:audit-log sftp://test@xx.xx.x.xxx/LOGS/x/Week1.log.

Or, go to Administration-Miscellaneous >> Manage Log Targets, Event Subscription Tab, provide a name, press Add, choose Category “audit”.

Go to Main tab, choose protocol (NFS, SMTP, SNMP, File, etc.) and configure.

Check Contents

Go to Administration-Miscellaneous >> Manage Log Targets, Event Subscription Tab and check for acceptable configuration in the name and category fields. Go to the Main tab and check for the desired values in the protocol field.

If no Log Targets are configured, this is a finding.

Vulnerability Number

V-65171

Documentable

False

Rule Version

WSDP-NM-000128

Severity Override Guidance

Go to Administration-Miscellaneous >> Manage Log Targets, Event Subscription Tab and check for acceptable configuration in the name and category fields. Go to the Main tab and check for the desired values in the protocol field.

If no Log Targets are configured, this is a finding.

Check Content Reference

M

Target Key

2861

Comments