UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must use cryptographic mechanisms to protect the integrity of audit log information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34586 SRG-NET-000106-IDPS-00077 SV-45448r1_rule Medium
Description
Without the use of mechanisms, such as a signed hash using asymmetric cryptography, the integrity of the collected audit data is not fully protected. There are two types of log files required for IDPS components, the sensor event log/queue and the application audit trail log. The sensor event log stores detected events based on sensor network monitoring. The application level audit trail log stores auditing results of enforcement actions based on the access control restrictions and other security policy for the IDPS itself. This control requires the configuration of a cryptographic module with strong integrity protection. Integrity protection is provided by the hashing algorithm used by the cryptographic module. Use of FIPS-validated or NSA-approved cryptography as required by CCI- 001144 will ensure compliance. Encryption of active log files (collection) is not a common capability, especially on systems that generate large volumes of events such as an IDPS. This requirement is only applicable if cryptography is required by the data owner or organizational policy.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42797r1_chk )
Examine the cryptographic module used for storing and transmitting event audit logs.
Verify the cryptographic module is configured to use an asymmetric hashing algorithm which uses asymmetric cryptography (e.g., SHA-2 or MD5).

If audit logs are not configured to use hashing algorithms which use asymmetric cryptography, this is a finding.
Fix Text (F-38845r1_fix)
Configure audit logs to use hashing algorithms which use asymmetric cryptography in storage and during transmission.