Audit records content must contain valid information to allow for proper incident reporting.

From IBM Hardware Management Console (HMC) STIG

Part of HMC0185

Associated with IA controls: ECAR-2, ECAR-1

Associated with: CCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-001487

SV-31556r2_rule Audit records content must contain valid information to allow for proper incident reporting.

Vulnerability discussion

The content of audit data must be validated to confirm that it contains:

- User IDs
- Successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control files, etc.)
- Date and time of the event
- Type of event
- Success or failure of event
- Successful and unsuccessful logons
- Denial of access resulting from excessive number of logon attempts

Failure to capture this information may hamper attempts to trace events and may prevent proper tracking of incidents during a forensic investigation.

Check content

Have the System Administrator validate that the audit records contain valid information to allow for proper incident tracking. Use the View Console Events task to display the contents of security logs. Use the View Console Events task to view security logs and validate that they have the following information:

- User IDs
- Successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control files, etc.)
- Date and time of the event
- Type of event
- Success or failure of event
- Successful and unsuccessful logons
- Denial of access resulting from excessive number of logon attempts

Fix text

Have the System Administrator check the content of audit records. Use the View Console Events task to view security logs and validate that they have the following information:

- User IDs
- Successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control files, etc.)
- Date and time of the event
- Type of event
- Success or failure of event
- Successful and unsuccessful logons
- Denial of access resulting from excessive number of logon attempts
