Check: F5BI-DM-000067
F5 BIG-IP Device Management STIG:
F5BI-DM-000067
(in versions v2 r3 through v1 r3)
Title
The BIG-IP appliance must be configured to alert the ISSO and SA (at a minimum) in the event of an audit processing failure. (Cat III impact)
Discussion
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded.
Check Content
Verify the BIG-IP appliance is configured to alert the ISSO and SA (at a minimum) in the event of an audit processing failure. Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Options. Verify "MCP" under the "Audit Logging" section is set to Debug. If the BIG-IP appliance is not configured to alert in the event of an audit processing failure, this is a finding.
Fix Text
Configure the BIG-IP appliance to alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
Additional Identifiers
Rule ID: SV-228983r879887_rule
Vulnerability ID: V-228983
Group Title: SRG-APP-000516-NDM-000317
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000139 |
The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure. |
CCI-000366 |
The organization implements the security configuration settings. |