Detections
Analytics
F5BI-DM-000085 - The BIG-IP appliance must be configured to back up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained.This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure the BIG-IP appliance to off-load logs to a remote syslog server to back up audit records at least every seven days onto a different system or system component than the system or component being audited.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_11-x_STIG.zip
Item Details
Audit Name: DISA F5 BIG-IP Device Management 11.x STIG v1r7
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-9(2), CAT|III, CCI|CCI-001348, Rule-ID|SV-74565r1_rule, STIG-ID|F5BI-DM-000085, Vuln-ID|V-60135
Plugin: F5
Control ID: 78389df5dee75ca2eab8057931602151d80223d89aa7645f64a5c23838495104