CCI-003831
Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
The application server must alert the system administrator (SA) and information system security offer (ISSO), at a minimum, in the event of a log processing failure.
1 rule found Severity: Medium
The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts.
1 rule found Severity: Medium
3 rules found Severity: Medium
3 rules found Severity: Medium
The Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.
1 rule found Severity: Medium
The DNS server implementation must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
1 rule found Severity: High
The Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1 rule found Severity: High
The network device must be configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
Splunk Enterprise must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to be assigned to the Power User role.
1 rule found Severity: Low
Splunk Enterprise must allow only the individuals appointed by the information system security manager (ISSM) to have full admin rights to the system.
1 rule found Severity: Low
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
1 rule found Severity: High
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High
The web server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
The application server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
The Central Log Server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
The container platform must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
The DBMS must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium
The Dell OS10 Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
1 rule found Severity: Medium
Forescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1 rule found Severity: Medium
The HYCU virtual appliance must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.
1 rule found Severity: Medium
The Mainframe Product must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
1 rule found Severity: Medium