STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NDM Security Technical Implementation Guide

V-284536

CAT II (Medium)

The Ivanti Policy Secure must be configured to send the user access events audit log records to a centralized syslog server.

Rule ID

SV-284536r1244945_rule

STIG

Ivanti Policy Secure NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Satisfies: SRG-APP-000516-NDM-000350

Check Content

1. In the Web UI, navigate to System >> Log/Monitoring >> User Access >> Settings.
2. Verify "Select Events to Log" is configured to log all items.
3. Verify "Syslog Servers" is configured with a remote syslog server name/IP address.
4. Verify TSL is selected.

If user access events log audit records are not configured to be sent to a remote centralized syslog server, this is a finding.

Fix Text

1. In the Web UI, navigate to System >> Log/Monitoring >> User Access >> Settings.
2. Under "Select Events to Log", check all items.
3. Under "syslog Servers" add an IP address/server name/IP.
4. Set the facility to LOCAL0.
5. Set type to TLS.
6. Optionally, only if a client certificate is required for the syslog server, select the client certificate to use for the syslog traffic. If none exists, import the DoW-signed client key pair to the Policy Secure under System >> Configuration >> Certificates >> Client Auth Certificates. 
7. Set the standard filer.
8. Set the source interface as either the management or internal interface.
9. Click "Add".
10. Click "Save Changes".