Free DISA STIG and SRG Library | Vaulted

V-60219

The BIG-IP appliance must be configured to off-load audit records onto a different system or media than the system being audited.

Finding ID
F5BI-DM-000257
Rule ID
SV-74649r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000515-NDM-000325
CCI
CCI-001851
Target Key
(None)
Documentable
No
Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

Fix Text

Configure the BIG-IP appliance to off-load audit records onto a different system or media than the system being audited.

Check Content

Verify the BIG-IP appliance is configured to off-load audit records onto a different system or media than the system being audited. Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging. Verify a syslog destination is configured that off-loads audit records from the BIG-IP appliance that is different from the system being audited. If BIG-IP appliance is not configured to off-load audit records onto a different system or media, this is a finding.