UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BIG-IP appliance must be configured to back up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.


Overview

Finding ID Version Rule ID IA Controls Severity
V-60135 F5BI-DM-000085 SV-74565r1_rule Low
Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
STIG Date
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide 2017-06-27

Details

Check Text ( C-60961r1_chk )
Verify the BIG-IP appliance is configured to off-load logs to a remote syslog server that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a syslog destination is configured that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.

If the BIG-IP appliance is not configured to off-load logs to a remote syslog server that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited, this is a finding.
Fix Text (F-65693r1_fix)
Configure the BIG-IP appliance to off-load logs to a remote syslog server to back up audit records at least every seven days onto a different system or system component than the system or component being audited.