F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

Information

If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion. This could lead to the loss of audit information. Note that while the network device must generate the alert, notification may be done by a management server.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the BIG-IP appliance to use a properly configured syslog server to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_11-x_Y20M10_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

References: 800-53|AU-5(1), 800-53|CM-6b., CAT|III, CCI|CCI-000366, CCI|CCI-001855, Rule-ID|SV-229005r557520_rule, STIG-ID|F5BI-DM-000193, STIG-Legacy|SV-74633, STIG-Legacy|V-60203, Vuln-ID|V-229005

Plugin: F5

Control ID: 4e8fd418dbc8922e8a8f38b4d17019974342c168f2036c1ee41f23ce816a379e