Check: WSDP-NM-000136
IBM DataPower Network Device Management STIG:
WSDP-NM-000136
(in versions v1 r2 through v1 r1)
Title
The DataPower Gateway must employ automated mechanisms to centrally verify authentication settings. (Cat II impact)
Discussion
The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion.
Check Content
Go to Administration >> Access >> RBM Settings. Verify Authentication Method is LDAP. If it is not, this is a finding.
Fix Text
Go to Administration >> Access >> RBM Settings. Set Authentication Method to LDAP. Configure LDAP connection as needed. The connection will be verified.
Additional Identifiers
Rule ID: SV-79671r1_rule
Vulnerability ID: V-65181
Group Title: SRG-APP-000516-NDM-000338
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-000372 |
The organization employs automated mechanisms to centrally verify configuration settings for organization-defined information system components. |