ONTAP must generate log records for a locally developed list of auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246943 | NAOT-CM-000006 | SV-246943r769161_rule | Medium |
| Description |
|---|
| Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. |
| STIG | Date |
|---|---|
| NetApp ONTAP DSC 9.x Security Technical Implementation Guide | 2021-07-28 |
Details
| Check Text ( C-50375r769159_chk ) |
|---|
| Use "cluster log-forwarding show -instance" to see if remote syslogging of ONTAP audit records is configured and which syslog facilities are being forwarded. If ONTAP cannot be configured to generate log records for a locally developed list of auditable events, this is a finding. |
| Fix Text (F-50329r769160_fix) |
|---|
| Configure ONTAP to generate log records for a locally developed list of auditable events with "cluster log-forwarding create -destination |