STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to F5 BIG-IP TMOS ALG Security Technical Implementation Guide

V-266146

CAT II (Medium)

The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.

Rule ID

SV-266146r1024841_rule

STIG

F5 BIG-IP TMOS ALG Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000172CCI-000130CCI-000131CCI-000132CCI-000133CCI-000134CCI-001487CCI-001243CCI-002656CCI-002684CCI-002664CCI-002400

Discussion

Without generating audit records that log usage of objects by subjects and other objects, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. The device logs internal users associated with denied outgoing communications traffic posing a threat to external information systems. Audit records can be generated from various components within the information system (e.g., module or policy filter). Security objects are data objects which are controlled by security policy and bound to security attributes. Satisfies: SRG-NET-000492-ALG-000027, SRG-NET-000494-ALG-000029, SRG-NET-000495-ALG-000030, SRG-NET-000496-ALG-000031, SRG-NET-000497-ALG-000032, SRG-NET-000498-ALG-000033, SRG-NET-000499-ALG-000034, SRG-NET-000500-ALG-000035, SRG-NET-000501-ALG-000036, SRG-NET-000502-ALG-000037, SRG-NET-000503-ALG-000038, SRG-NET-000505-ALG-000039, SRG-NET-000513-ALG-000026, SRG-NET-000074-ALG-000043, SRG-NET-000075-ALG-000044, SRG-NET-000076-ALG-000045, SRG-NET-000077-ALG-000046, SRG-NET-000078-ALG-000047, SRG-NET-000079-ALG-000048, SRG-NET-000249-ALG-000146, SRG-NET-000383-ALG-000135, SRG-NET-000385-ALG-000138, SRG-NET-000392-ALG-000141, SRG-NET-000392-ALG-000142, SRG-NET-000392-ALG-000143, SRG-NET-000392-ALG-000147, SRG-NET-000392-ALG-000148, SRG-NET-000392-ALG-000149, SRG-NET-000370-ALG-000125

Check Content

APM Default Log Profile:
From the BIG-IP GUI:
1. Access.
2. Overview.
3. Event Logs.
4. Settings.
5. Check the box for the "default-log-setting" and click "Edit".
6. Verify "Enable Access System Logs" is checked.
7. On the "Access System Logs" tab, verify all items are set to "Notice".


Access Profile Log Setting:
From the BIG-IP GUI:
1. Access.
2. Profiles/Policies.
3. Access Profiles (Per-Session Policies).
4. Click the Name of the Access Profile.
5. Logs tab.
6. Verify "default-log-setting" is in the "Selected" column.

If the BIG-IP appliance is not configured to generate log records, this is a finding.

Fix Text

Note: Performing this Fix modifies the "default-log-setting" log profile, but users can use a different log profile for the Access Profile. However, this requires using the APM Module.

APM Default Log Profile:
From the BIG-IP GUI:
1. Access.
2. Overview.
3. Event Logs.
4. Settings.
5. Check the box for the "default-log-setting" and click "Edit".
6. Check "Enable Access System Logs".
7. On the "Access System Logs" tab, set all items are to "Notice".
8. Click "OK".

Access Profile Log Setting:
From the BIG-IP GUI:
1. Access.
2. Profiles/Policies.
3. Access Profiles (Per-Session Policies).
4. Click the Name of the Access Profile.
5. Logs tab.
6. Move "default-log-setting" to the "Selected" column.
7. Click "Update".