Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The NSX Manager must off-load audit records onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69209 | VNSX-ND-000128 | SV-83813r1_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
|---|---|
| VMware NSX Manager Security Technical Implementation Guide | 2016-06-27 |
Details
| Check Text ( C-69649r1_chk ) |
|---|
| Verify NSX Manager audit records are off-loaded to a different system. Log on to NSX Manager with credentials authorized for administration, navigate and select Manage Appliance Settings >> Syslog Server >> Edit. Enter name or IP of the Syslog Server, Port, and Protocol. If audit records are not configured and are not off-loaded to a different system, this is a finding. Note: TCP is the preferred protocol configuration to protect against network outages and queues logs locally until network connection is restored to a centralized server. |
| Fix Text (F-75395r1_fix) |
|---|
| Change the logs in NSX Manager to send to a centralized server for use as part of the organization's security incident tracking and analysis. Log on to NSX Manager with credentials authorized for administration, navigate and select Manage Appliance Settings >> Syslog Server >> Edit. Enter name or IP of the Syslog Server, Port, and Protocol. |