CCI-003831
Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Medium
The application server must alert the system administrator (SA) and information system security officer (ISSO), at a minimum, in the event of a log processing failure.
1
Rule
Severity: Medium
The application server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Medium
The Central Log Server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
3
Rule
Severity: Medium
The Cisco router must be configured to generate an alert for all audit failure events.
1
Rule
Severity: Medium
The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts.
3
Rule
Severity: Medium
The Cisco switch must be configured to generate an alert for all audit failure events.
1
Rule
Severity: Medium
The Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.
1
Rule
Severity: Medium
The DBMS must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Medium
The container platform must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Medium
The DNS server implementation must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Medium
Forescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1
Rule
Severity: High
The ICS must be configured to prevent nonprivileged users from executing privileged functions.
1
Rule
Severity: Medium
The Juniper router must be configured to generate an alert for all audit failure events.
1
Rule
Severity: High
The Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1
Rule
Severity: Medium
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.
1
Rule
Severity: Medium
The Mainframe Product must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Medium
The network device must be configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1
Rule
Severity: Low
The Palo Alto Networks security platform must have alarms enabled.
1
Rule
Severity: Medium
The Palo Alto Networks security platform must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B.
1
Rule
Severity: Low
Splunk Enterprise must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to be assigned to the Power User role.
1
Rule
Severity: Low
Splunk Enterprise must allow only the individuals appointed by the information system security manager (ISSM) to have full admin rights to the system.
1
Rule
Severity: High
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
1
Rule
Severity: High
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1
Rule
Severity: Medium
The web server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.