STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to F5 BIG-IP TMOS NDM Security Technical Implementation Guide

V-266068

CAT II (Medium)

The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.

Rule ID

SV-266068r1029557_rule

STIG

F5 BIG-IP TMOS NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002234CCI-000018CCI-001403CCI-001404CCI-001405CCI-002130CCI-000166CCI-000169CCI-000366CCI-000172CCI-000130CCI-000131CCI-000132CCI-000133CCI-000134CCI-001487CCI-000135CCI-001814

Discussion

Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat. Satisfies: SRG-APP-000343-NDM-000289, SRG-APP-000026-NDM-000208, SRG-APP-000027-NDM-000209, SRG-APP-000028-NDM-000210, SRG-APP-000029-NDM-000211, SRG-APP-000319-NDM-000283, SRG-APP-000080-NDM-000220, SRG-APP-000516-NDM-000334, SRG-APP-000091-NDM-000223, SRG-APP-000495-NDM-000318, SRG-APP-000499-NDM-000319, SRG-APP-000503-NDM-000320, SRG-APP-000504-NDM-000321, SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000101-NDM-000231, SRG-APP-000381-NDM-000305

Check Content

From the BIG-IP GUI:
1. System.
2. Logs.
3. Configuration.
4. Options.
5. Under Local Traffic Logging:
 a. MCP: Notice.
 b. SSL: Informational.
 c. Traffic Management OS: Informational.
6. Under Audit Logging:
 a. MCP: Enable.

From the BIG-IP console, type the following commands:

tmsh list sys daemon-log-settings tmm os-log-level

Note: This command must return a value of "informational".

tmsh list sys daemon-log-settings tmm ssl-log-level

Note: This must return a value of "informational":

tmsh list sys daemon-log-settings mcpd audit

Note: This must return a value of "enabled".

tmsh list sys daemon-log-settings mcpd log-level

Note: This must return a value of "notice".

tmsh list sys db log.ssl.level value

Note: This must return a value of "informational".

If the BIG-IP appliance is not configured to audit the execution of privileged functions, this is a finding.

Fix Text

From the BIG-IP GUI:
1. System.
2. Logs.
3. Configuration.
4. Options.
5. Under "Local Traffic Logging":
 a. MCP: Notice.
 b. SSL: Informational.
 c. Traffic Management OS: Informational.
6. Under "Audit Logging":
 a. MCP: Enable.
7. Update.

From the BIG-IP console, type the following commands:

tmsh modify sys daemon-log-settings tmm os-log-level informational
tmsh modify sys daemon-log-settings tmm ssl-log-level informational
tmsh modify sys daemon-log-settings mcpd audit enabled
tmsh modify sys daemon-log-settings mcpd log-level notice
tmsh modify sys db log.ssl.level value informational
tmsh save sys config