The Riverbed NetIM must enable and configure user audit logging.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
high	V-275452	SRG-APP-000028-NDM-000210	RIIM-DM-000002	SV-275452r1147406_rule	2025-09-29	1

Description
Auditing account disabling actions will support account management procedures. When device management accounts are disabled, user or service accessibility may be affected. Auditing also ensures authorized active accounts remain enabled and available for use when required. If the User-Audit Logging role is not assigned to an admin, then all admins can see the log. If the role is defined, then the role is the only one that can see the local audit log. Satisfies: SRG-APP-000028-NDM-000210, SRG-APP-000381-NDM-000305, SRG-APP-000029-NDM-000211, SRG-APP-000027-NDM-000209, SRG-APP-000091-NDM-000223, SRG-APP-000092-NDM-000224, SRG-APP-000516-NDM-000334, SRG-APP-000495-NDM-000318, SRG-APP-000499-NDM-000319, SRG-APP-000503-NDM-000320, SRG-APP-000504-NDM-000321, SRG-APP-000505-NDM-000322, SRG-APP-000506-NDM-000323, SRG-APP-000099-NDM-000229, SRG-APP-000098-NDM-000228, SRG-APP-000097-NDM-000227, SRG-APP-000096-NDM-000226, SRG-APP-000095-NDM-000225, SRG-APP-000101-NDM-000231, SRG-APP-000100-NDM-000230, SRG-APP-000177-NDM-000263, SRG-APP-000319-NDM-000283, SRG-APP-000026-NDM-000208, SRG-APP-000343-NDM-000289

Description

Auditing account disabling actions will support account management procedures. When device management accounts are disabled, user or service accessibility may be affected. Auditing also ensures authorized active accounts remain enabled and available for use when required. If the User-Audit Logging role is not assigned to an admin, then all admins can see the log. If the role is defined, then the role is the only one that can see the local audit log. Satisfies: SRG-APP-000028-NDM-000210, SRG-APP-000381-NDM-000305, SRG-APP-000029-NDM-000211, SRG-APP-000027-NDM-000209, SRG-APP-000091-NDM-000223, SRG-APP-000092-NDM-000224, SRG-APP-000516-NDM-000334, SRG-APP-000495-NDM-000318, SRG-APP-000499-NDM-000319, SRG-APP-000503-NDM-000320, SRG-APP-000504-NDM-000321, SRG-APP-000505-NDM-000322, SRG-APP-000506-NDM-000323, SRG-APP-000099-NDM-000229, SRG-APP-000098-NDM-000228, SRG-APP-000097-NDM-000227, SRG-APP-000096-NDM-000226, SRG-APP-000095-NDM-000225, SRG-APP-000101-NDM-000231, SRG-APP-000100-NDM-000230, SRG-APP-000177-NDM-000263, SRG-APP-000319-NDM-000283, SRG-APP-000026-NDM-000208, SRG-APP-000343-NDM-000289

ℹ️ Check
Verify user audit logging is enabled. 1. From the GUI menu, navigate to Configure >> All Settings >> Administer >> User Audit. 2. Under the User Audit Logging section, verify "Yes" is selected. If user audit logging is not enabled and assigned, this is a finding.

✔️ Fix
Enable the User Audit role and assign to a user. 1. From the GUI, navigate to Configure >> All Settings >> Administer >> User Audit. 2. On the Settings tab, select "Yes" under the User Audit Logging section. 3. Assign the role to an admin user account. Note: The user auditor role removes all other admin roles and functions from the users assigned the role of audit administrator. Other types of administrators, including the default admin of last resort, will not be able to access the auditing functions or local audit log.

✔️ Fix

Enable the User Audit role and assign to a user. 1. From the GUI, navigate to Configure >> All Settings >> Administer >> User Audit. 2. On the Settings tab, select "Yes" under the User Audit Logging section. 3. Assign the role to an admin user account. Note: The user auditor role removes all other admin roles and functions from the users assigned the role of audit administrator. Other types of administrators, including the default admin of last resort, will not be able to access the auditing functions or local audit log.