UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must produce a system-wide audit trail composed of log records in a standardized format.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34593 SRG-NET-000112-IDPS-00081 SV-45457r1_rule Low
Description
Auditing of account use and user actions is a critical part of the security architecture. Auditable events must be logged. If the IDPS becomes unable to write events to the audit log, this is known as an audit processing failure. Audit processing failures include software and hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. The IDPS consists of a management console/server which aggregates the application audit trail log from the sensors and management server. The audit trail log is the application log rather than the sensor events log. The IDPS will also aggregate the sensor event logs from all the sensors onto the management console/server. Centralized audit and log records are essential for quickly investigating network attacks.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42806r1_chk )
If the organization's central log server provides the aggregation and formatting of the audit log (rather than an IDPS management console), this is not a finding.

Examine the management console or server where the system-wide application audit trail is aggregated. (Ideally, this will be the site's silo server; however it can be the management console or another database).
Verify audit log uses a standardized format or protocol (e.g., SYSLOG or well-known database).

If IDPS does not produce a system-wide audit trail for the application audit logs, this is a finding. If the IDPS log is not produced by the system in a standard industry format, this is a finding.
Fix Text (F-38854r1_fix)
Configure the audit log settings to produce a system-wide, aggregated application audit log.
Select an industry standard format for the audit log.