← Back to Application Layer Gateway Security Requirements Guide

V-204996

CAT II (Medium)

The ALG must provide an immediate real-time alert to, at a minimum, the SCA and ISSO, of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.

Rule ID

SV-204996r831373_rule

STIG

Application Layer Gateway Security Requirements Guide

Version

V2R3

CCIs

CCI-001858

Discussion

Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less). This does not apply to audit logs generated on behalf of the device itself (management).

Check Content

Verify the ALG provides an immediate real-time alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.

If the ALG does not provide an immediate real-time alert to, at a minimum, the SCA and ISSO, of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server, this is a finding.

Fix Text

Configure the ALG to provide an immediate real-time alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.