CounterACT must enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B.
An XCCDF Rule
Description
CJCSM 6510.01B, "Cyber Incident Handling Program", in subsection e.(6)(c) sets forth requirements for Cyber events detected by an automated system. By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device.
- ID: SV-90905r1_rule
- Severity: Medium
- References
- Updated
Remediation - Manual Procedure
Enable and configure Threat Protection notifications.
1. Select Tools >> Options >> Threat Protection.
2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab.
3. Modify the Maximum emails per day to "15" and infected host notification to 1 hour.