4.10 (L1) Host must verify certificates for TLS remote logging endpoints

Information

When engaging in remote logging activities, it is of utmost importance to ensure that the logging endpoint is genuine and secure. To achieve this, hosts should verify the TLS certificates of these endpoints. This verification provides assurance that the endpoint is both authentic and trustworthy, mitigating the risk of transmitting logs to potentially malicious or untrusted entities. The parameter governing this behavior is Syslog.global.certificate.checkSSLCerts with a recommended setting of TRUE.

Ensuring the authenticity and trustworthiness of remote logging endpoints is crucial for maintaining the security and integrity of the transmitted log data. By verifying the TLS certificates of these endpoints, the potential risk of man-in-the-middle attacks, data breaches, or unintended exposure of sensitive log information is significantly reduced.

Solution

Impact:

There is no direct functional impact when verifying certificates for TLS remote logging endpoints. However, it is essential to ensure that the certificates used by the logging endpoints are valid and up-to-date. If not, there might be interruptions in log transmissions or potential trust issues, necessitating certificate management and regular updates.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|1.8

Plugin: VMware

Control ID: 54177b46276ad8594224a55aef3fbce650bf423cc2efb976dbc397ddcc62501b