UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BIG-IP appliance must be configured to create backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.


Overview

Finding ID Version Rule ID IA Controls Severity
V-60235 F5BI-DM-000279 SV-74665r1_rule Medium
Description
Information system backup is a critical step in maintaining data assurance and availability. Information system and security-related documentation contains information pertaining to system configuration and security settings. If this information were not backed up and a system failure were to occur, the security settings would be difficult to reconfigure quickly and accurately. Maintaining a backup of information system and security-related documentation provides for a quicker recovery time when system outages occur. This control requires the network device to support the organizational central backup process for user account information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.
STIG Date
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide 2017-06-27

Details

Check Text ( C-61163r1_chk )
Verify the BIG-IP appliance is configured to off-load logs to a remote log server when changes occur.

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a log destination is configured to allow for backups of information system documentation when changes occur.

If the BIG-IP appliance does not backup the information system documentation, including security-related documentation, when changes occur, this is a finding.
Fix Text (F-65851r1_fix)
Configure the BIG-IP appliance to create backups of information system documentation, including security-related documentation, when changes occur.