UCF STIG Viewer Logo

The DataPower Gateway providing user access control intermediary services must provide the capability for authorized users to capture, record, and log all content related to a selected user session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-65305 WSDP-AG-000120 SV-79795r1_rule Medium
Description
Without the capability to capture, record, and log content related to a user session, investigations into suspicious user activity would be hampered. The intent of this requirement is to ensure the capability to select specific sessions to capture is available in order to support general auditing/incident investigation, or to validate suspected misuse by a specific user. Examples of session events that may be captured include, port mirroring, tracking websites visited, and recording information and/or file transfers.
STIG Date
IBM DataPower ALG Security Technical Implementation Guide 2016-01-21

Details

Check Text ( C-65933r1_chk )
From the WebGUI Control Panel, click on Troubleshooting >> Click on the Debug Probe tab. Verify that the desired service type and service instance has an active Probe track transaction information for that service instance.

From the WebGUI, go to Objects >> Logging Configuration>> Log Target. Verify the desired filters, triggers, subscriptions, and log destination.

If these items have not been configured, this is a finding.
Fix Text (F-71245r1_fix)
From the WebGUI Control Panel, click on Troubleshooting >> Click on the Debug Probe tab >> Select a desired service type and service instance >> Click on Add Probe to begin tracking transaction information for that service instance.

From the WebGUI, go to Objects >> Logging Configuration >> Log Target. Configure the desired filters, triggers, subscriptions, and log destination.