The A10 Networks ADC must send Emergency messages to the Console, Syslog, and Monitor.
The ALG must provide an immediate real-time alert to, at a minimum, the SCA and ISSO, of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.
The application server must provide an immediate real-time alert to authorized users of all log failure events requiring real-time alerts.
The Arista network device must be configured to capture all DOD auditable events.
Applications categorized as having a moderate or high impact must provide an immediate real-time alert to the SA and ISSO (at a minimum) for all audit failure events.
For the host and devices within its scope of coverage, the Central Log Server must be configured to send a real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received.
Log aggregation/SIEM systems must be configured to notify SA and ISSO on Docker Engine - Enterprise audit failure events.
If communication with the central audit server is lost, the firewall must generate a real-time alert to, at a minimum, the SCA and ISSO.
The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
If communication with the central audit server is lost, the FortiGate firewall must generate a real-time alert to, at a minimum, the SCA and ISSO.
Forescout must generate a critical alert to be sent to the Information System Security Officer (ISSO) and Systems Administrator (SA) (at a minimum) in the event of an audit processing failure. This is required for compliance with C2C Step 1.
The HP FlexFabric Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
SNMP must be changed from default settings and must be configured on the storage system to provide alerts of critical events that impact system security.
The HYCU Web UI must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
The DataPower Gateway must generate an immediate real-time alert of all audit failure events.
The DataPower Gateway must provide an immediate real-time alert to, at a minimum, the SCA and ISSO, of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.
The MQ Appliance messaging server must alert the SA and ISSO, at a minimum, in the event of a log processing failure.
DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.
The WebSphere Application Server must provide an immediate real-time alert to authorized users of all log failure events requiring real-time alerts.
The MQ Appliance network device must generate an immediate alert when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
The IDPS must assign a critical severity level to all audit processing failures.
The IDPS must provide an alert to, at a minimum, the system administrator and ISSO when any audit failure events occur.
MobileIron Sentry must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
The Juniper router must be configured to generate an alert for all audit failure events.
The Juniper SRX Services Gateway must generate an immediate system alert message to the management console when a log processing failure is detected.
The Mainframe Product must provide an immediate real-time alert to the operations staff, system programmers, and/or security administrators, at a minimum, of all audit failure events requiring real-time alerts.
SQL Server or software monitoring SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures.
ONTAP must have audit guarantee enabled.
The network device must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
Nutanix AOS must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75 percent of maximum log record storage capacity.
Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.
Riverbed Optimization System (RiOS) must generate an email alert of all log failure events requiring alerts.
Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received.
Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.
A Tanium connector must be configured to send log data to an external audit log reduction-capable system and provide alerts.
Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.
The Tanium application must provide an immediate real-time alert to the system administrator and information system security officer, at a minimum, of all audit failure events requiring real-time alerts.
The Tanium enterprise audit log reduction option must be configured to provide alerts based off Tanium audit data.
The Tanium application must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
The Trend Micro SMS must generate an alert for all audit failure events requiring real-time alerts.
The Tanium operating system (TanOS) must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
The VPN Gateway must generate a log record or an SNMP trap that can be forwarded as an alert to, at a minimum, the SCA and ISSO, of all log failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.
The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.
The macOS system must configure audit failure notification.
The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost.
PostgreSQL must provide an immediate alert to appropriate support staff of all audit log failures.
The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events.
The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts.
The Cisco router must be configured to generate an alert for all audit failure events.
The Cisco switch must be configured to generate an alert for all audit failure events.
The Cisco ISE must send an alarm to one or more individuals when the monitoring collector process has an error or failure.
The Cisco ISE must generate a critical alert to be sent to the ISSO and SA (at a minimum) in the event of an audit processing failure. This is required for compliance with C2C Step 1.
The Cisco ISE must provide an alert to, at a minimum, the SA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server. This is required for compliance with C2C Step 1.
The container platform must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit log failures.
The DBMS must provide an immediate real-time alert to appropriate support staff of all audit log failures.
The operating system must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
The HPE 3PAR OS must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.
IBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set.
The ICS must be configured to forward all log failure events where the detection and/or prevention function is unable to write events to local log record or send an SNMP trap that can be forwarded to the SCA and ISSO.
The ICS must be configured to send admin log data to a redundant central log server.
The Juniper EX switch must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts.
MarkLogic Server must provide an immediate real-time alert to appropriate support staff of all audit failures.
MariaDB must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.
MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures.
The DBMS must provide a real-time alert when organization-defined audit failure events occur.
The system must provide a real-time alert when organization-defined audit failure events occur.
PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit log failures.
The MySQL Database Server 8.0 must provide an immediate real-time alert to appropriate support staff of all audit log failures.
The Palo Alto Networks security platform must have alarms enabled.
Redis Enterprise DBMS must provide an immediate real-time alert to appropriate support staff of all audit log failures.
OpenShift must configure Alert Manager Receivers to notify SA and ISSO of all audit failure events requiring real-time alerts.
The audit system must alert the System Administrator (SA) if there is any type of audit failure.
The VMM must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
The Photon operating system audit log must log space limit problems to syslog.
The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.
"Rsyslog" must be configured to monitor VMware Postgres logs.
vCenter must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.
The Photon operating system must alert the ISSO and SA in the event of an audit processing failure.
The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.
The F5 BIG-IP appliance must generate audit records and send records to redundant central syslog servers that are separate from the appliance.
Sentry must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
MongoDB must provide an immediate real-time alert to appropriate support staff of all audit log failures.