STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to DBN-6300 NDM Security Technical Implementation Guide

V-255575

CAT II (Medium)

The DBN-6300 must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

Rule ID

SV-255575r961800_rule

STIG

DBN-6300 NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000172

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter). Administrative roles cannot be changed on the device console; thus, this only applies to the User Interface (UI) web management tool. All account activities (creation, modification, disabling, and removal, and other account activities, including successful/unsuccessful attempts to modify administrator privileges) on the DBN-6300 are written out to an audit log. This log carries a wealth of information that provides valuable forensic help, including the origin IP and port and destination and port where the event occurred, as well as the type of event and when it occurred. This data is all used to help establish the identity of any individual or process associated with the event. This can be verified by accessing the audit logs remotely by downloading the System State Report. With the DBN-6300, audit records are automatically backed up on a real-time basis via syslog when enabled.

Check Content

Verify the DBN-6300 is connected to the syslog server.

Navigate to Settings >> Advanced >> Syslog.

Verify that the syslog services are set to "on", the syslog server information is valid, and the syslog server has connected.

Navigate to Settings >> Advanced >> Audit Log.

Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and the Audit Configuration Categories are all checked for Audit Log, Syslog, and Audit Console.

Following this verification, process an account administrator privilege modification. Confirm the presence of a syslog message on the syslog server containing the account administrator privilege modification.

If the DBN-6300 is not connected to the syslog server, or if the syslog server is connected but the message containing the information that an account administrator privilege modification has occurred is not there, this is a finding.

Fix Text

Configure the DBN-6300 to be connected to the syslog server. Also configure the DBN-6300 to include audit records in the syslog message feed.

Navigate to Settings >> Advanced >> Syslog.

Enter the syslog connection information (port and IP address) and push the "enabled" button for both "TCP" and "enable".

Navigate to Settings >> Advanced >> Audit Log.

Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and the Audit Configuration Categories are all checked for Audit Log, Syslog, and Audit Console.

If the "Use System Syslog" button is not set to "Yes", press the "Yes" button.

Click on "Commit".