Title

The DataPower Gateway must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). (Cat II impact)

Discussion

If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.

Check Content

In the web interface, go to Status >> View Logs >> Audit Log to display current time stamped log entries. If the UTC format is not used, this is a finding.

Fix Text

By default, the DataPower Gateway records time stamps for audit records in Coordinated Universal Time (UTC). The following is an example: March 30, 2015 followed by the number of milliseconds since January 1, 1970. 20150330T072434.296Z

Additional Identifiers

Rule ID: SV-79645r1_rule

Vulnerability ID: V-65155

Group Title: SRG-APP-000374-NDM-000299

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.