STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NDM Security Technical Implementation Guide

V-284638

CAT II (Medium)

The Ivanti Policy Secure must send admin access audit log records to a centralized syslog server.

Rule ID

SV-284638r1244993_rule

STIG

Ivanti Policy Secure NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Satisfies: SRG-APP-000516-NDM-000350

Check Content

1. In the Web UI, navigate to System >> Log/Monitoring >> Admin Access >> Settings.
2. Verify "Select Events to Log" is configured to log all items.
3. Verify "Syslog Servers" is configured with a remote syslog server name/IP address.
4. Verify TSL is selected.

If admin access events log audit records are not configured to be sent to a remote centralized syslog server, this is a finding.

Fix Text

1. In the Web UI, navigate to System >> Log/Monitoring >> Admin Access >> Settings.
2. Under "Select Events to Log", check all items.
3. Under "syslog Servers", add an IP address/server name/IP.
4. Set the facility to LOCAL0.
5. Set type to TLS.
6. (Optionally, only if a client cert is required for the syslog server) Select the client certificate to use for the syslog traffic. If none exists, import the DoW-signed client key pair to the Policy Secure under System >> Configuration >> Certificates >> Client Auth Certificates. 
7. Set the standard filer. 
8. Set the source interface as either the management or internal interface.
9. Click Add.
10. Click save changes.