STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected.

DISA Rule

SV-79791r1_rule

Vulnerability Number

V-65301

Group Title

SRG-NET-000392-ALG-000148

Rule Version

WSDP-AG-000117

Severity

CAT II

CCI(s)

• CCI-002664 - The information system alerts organization-defined personnel or roles when organization-defined compromise indicators reflect the occurrence of a compromise or a potential compromise.

Weight

10

Fix Recommendation

From the WebGUI, go to Objects >> Logging Configuration >> Log Target. On the Main tab, select SNMP. On the Event Subscriptions tab add an event subscription where Event Category = multistep and Minimum Event Priority = error.

Configure the DataPower Gateway to, upon receipt of a multistep error message, send a notification to an authorized SNMP server. That server must be configured to, at a minimum, send an alert to the ISSO and ISSM.

In the DataPower WebGUI, navigate to Administration >> Access >> SNMP Settings. Configure the "Trap and Notification Targets" tab to include an approved SNMP server that generates alerts that will be forwarded, at a minimum, to the ISSO and ISSM.

Check Contents

From the WebGUI, go to Objects >> Logging Configuration>> Log Target. On the Main tab, SNMP should be selected. On the Event Subscriptions tab, confirm that there is an event subscription where Event Category = multistep and Minimum Event Priority = error.

In the DataPower WebGUI, navigate to Administration >> Access >> SNMP Settings. Verify that the "Trap and Notification Targets" tab includes an approved SNMP server that generates alerts that will be forwarded, at a minimum, to the ISSO and ISSM.

If no SNMP server is configured as a Log Target, this is a finding.

Vulnerability Number

V-65301

Documentable

False

Rule Version

WSDP-AG-000117

Severity Override Guidance

From the WebGUI, go to Objects >> Logging Configuration>> Log Target. On the Main tab, SNMP should be selected. On the Event Subscriptions tab, confirm that there is an event subscription where Event Category = multistep and Minimum Event Priority = error.

In the DataPower WebGUI, navigate to Administration >> Access >> SNMP Settings. Verify that the "Trap and Notification Targets" tab includes an approved SNMP server that generates alerts that will be forwarded, at a minimum, to the ISSO and ISSM.

If no SNMP server is configured as a Log Target, this is a finding.

Check Content Reference

M

Target Key

2859

Comments