Capacity
CCI-001861
Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.
1
Rule
Severity: Low
The Central Log Server must be configured to send an immediate alert to the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.
2
Rule
Severity: Medium
Forescout must be configured with a secondary log server, in case the primary log is unreachable. This is required for compliance with C2C Step 1.
4
Rule
Severity: Low
Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.
1
Rule
Severity: Medium
When communications with the Central Log Server is lost, the VPN Gateway must continue to queue traffic log records locally.
2
Rule
Severity: Medium
The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable.
2
Rule
Severity: Medium
The Cisco ISE must be configured with a secondary log server in case the primary log is unreachable. This is required for compliance with C2C Step 1.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules