Check: WSDP-AG-000090
IBM DataPower ALG STIG:
WSDP-AG-000090
(in version v1 r1)
Title
The DataPower Gateway must off-load audit records onto a centralized log server. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management).
Check Content
Search Bar “Log Target” >> Log target >> Event Subscription tab. If “audit” is not listed under Event Category, this is a finding. If “Rule Action” does not contain a “Filter” action, this is a finding.
Fix Text
Search Bar “Log Target” in the Search field >> Log target >> Event Subscription tab >> Add >> Event Category “audit” >> Minimum Event Priority event priority level >> Apply >> Apply >> Save Configuration. If the only log target is “default-log”: Type “Log Target” in the Search field >> Log target >> Main tab >> Target Type “syslog” >> syslog Facility facility >> Local Identifier identifier >> Remote Host hostname.
Additional Identifiers
Rule ID: SV-79749r1_rule
Vulnerability ID: V-65259
Group Title: SRG-NET-000334-ALG-000050
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001851 |
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
| Number | Title |
|---|---|
| AU-4 (1) |
Transfer To Alternate Storage |