STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to F5 BIG-IP TMOS ALG Security Technical Implementation Guide

V-266146

CAT II (Medium)

The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.

Rule ID

SV-266146r1024841_rule

STIG

F5 BIG-IP TMOS ALG Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000172CCI-000130CCI-000131CCI-000132CCI-000133CCI-000134CCI-001487CCI-001243CCI-002656CCI-002684CCI-002664CCI-002400

Discussion

Without generating audit records that log usage of objects by subjects and other objects, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. The device logs internal users associated with denied outgoing communications traffic posing a threat to external information systems. Audit records can be generated from various components within the information system (e.g., module or policy filter). Security objects are data objects which are controlled by security policy and bound to security attributes. Satisfies: SRG-NET-000492-ALG-000027, SRG-NET-000494-ALG-000029, SRG-NET-000495-ALG-000030, SRG-NET-000496-ALG-000031, SRG-NET-000497-ALG-000032, SRG-NET-000498-ALG-000033, SRG-NET-000499-ALG-000034, SRG-NET-000500-ALG-000035, SRG-NET-000501-ALG-000036, SRG-NET-000502-ALG-000037, SRG-NET-000503-ALG-000038, SRG-NET-000505-ALG-000039, SRG-NET-000513-ALG-000026, SRG-NET-000074-ALG-000043, SRG-NET-000075-ALG-000044, SRG-NET-000076-ALG-000045, SRG-NET-000077-ALG-000046, SRG-NET-000078-ALG-000047, SRG-NET-000079-ALG-000048, SRG-NET-000249-ALG-000146, SRG-NET-000383-ALG-000135, SRG-NET-000385-ALG-000138, SRG-NET-000392-ALG-000141, SRG-NET-000392-ALG-000142, SRG-NET-000392-ALG-000143, SRG-NET-000392-ALG-000147, SRG-NET-000392-ALG-000148, SRG-NET-000392-ALG-000149, SRG-NET-000370-ALG-000125

Check Content

APM Default Log Profile:
From the BIG-IP GUI:
1. Access.
2. Overview.
3. Event Logs.
4. Settings.
5. Check the box for the "default-log-setting" and click "Edit".
6. Verify "Enable Access System Logs" is checked.
7. On the "Access System Logs" tab, verify all items are set to "Notice".


Access Profile Log Setting:
From the BIG-IP GUI:
1. Access.
2. Profiles/Policies.
3. Access Profiles (Per-Session Policies).
4. Click the Name of the Access Profile.
5. Logs tab.
6. Verify "default-log-setting" is in the "Selected" column.

If the BIG-IP appliance is not configured to generate log records, this is a finding.

Fix Text

Note: Performing this Fix modifies the "default-log-setting" log profile, but users can use a different log profile for the Access Profile. However, this requires using the APM Module.

APM Default Log Profile:
From the BIG-IP GUI:
1. Access.
2. Overview.
3. Event Logs.
4. Settings.
5. Check the box for the "default-log-setting" and click "Edit".
6. Check "Enable Access System Logs".
7. On the "Access System Logs" tab, set all items are to "Notice".
8. Click "OK".

Access Profile Log Setting:
From the BIG-IP GUI:
1. Access.
2. Profiles/Policies.
3. Access Profiles (Per-Session Policies).
4. Click the Name of the Access Profile.
5. Logs tab.
6. Move "default-log-setting" to the "Selected" column.
7. Click "Update".