Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242259 | TIPP-NM-000670 | SV-242259r754443_rule | High |
Description |
---|
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. Auditing account changes provides the necessary reconciliation that account management procedures are being followed. Without this audit trail, personnel without the proper authorization may gain access to critical network nodes. Associating event types, date/time of the event, identity of any individual or process associated with the event, source/destination of the event, location of the event, and the outcome of the event provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured network device. Satisfies: SRG-APP-000026-NDM-000208, SRG-APP-000027-NDM-000209, SRG-APP-000028-NDM-000210, SRG-APP-000029-NDM-000211, SRG-APP-000319-NDM-000283, SRG-APP-000091-NDM-000223, SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000100-NDM-000231, SRG-APP-000100-NDM-000289, SRG-APP-000100-NDM-000305, SRG-APP-000100-NDM-000318, SRG-APP-000100-NDM-000319, SRG-APP-000100-NDM-000321, SRG-APP-000100-NDM-000325, SRG-APP-000100-NDM-000334, SRG-APP-000100-NDM-000250 |
STIG | Date |
---|---|
Trend Micro TippingPoint NDM Security Technical Implementation Guide | 2021-06-09 |
Check Text ( C-45534r710782_chk ) |
---|
In the SMS client, ensure the remote system is configured to generate all audit records. 1. Navigate to Admin >> Server properties >> Syslog. 2. Verify the configuration enables TCP. 3. Verify Device Audit, Device System, SMS Audit, and SMS System log types are enabled and configured. If syslog is not configured to use TCP or does not include the four log types, this is a finding. |
Fix Text (F-45492r710783_fix) |
---|
In the SMS client, ensure the remote system is configured to generate all audit records. 1. Navigate to Admin >> Server properties >> Syslog >> New. 2. Click enable. 3. Click TCP (required for DoD). 4. Under Log Type, select "Device Audit". 5. Facility is "Log Audit". 6. Timestamp: SMS Current Time. 7. Check "Include SMS hostname in Header". 8. Click OK. 9. Repeat these steps for the following three other Log Types: Device System, SMS Audit, and SMS System. |