V-255537

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). It is not possible to perform unsuccessful commands in the UI web management interface since it is a GUI interface. Unauthorized menu items/commands are not visible.

Check Content

Navigate to Settings >> Advanced >> Syslog.

Verify that the syslog services are set to "on", the syslog server information is valid, and the syslog server has connected.

Navigate to Settings >> Advanced >> Audit Log.

Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and that the Audit Configuration Categories can be checked in accordance with the role assigned. For an administrator, the admin role should allow all categories to be checked for Audit Log, Syslog, and Audit Console.

Log off, log on again, and attempt to repeat the process logged on as a "lesser" user that does not have privileges to configure audit.

Attempt to modify the audit log categories. This should fail.

Following this verification, if it is possible for a non-privileged user with no audit log modification privileges to modify log functions, this is a finding.