VCSA-70-000150 - vCenter must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.

Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).

Satisfies: SRG-APP-000360, SRG-APP-000379, SRG-APP-000510

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Central Logging Server being used to alert the SA and ISSO, at a minimum, on any AO-defined events.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000172, CCI|CCI-001744, CCI|CCI-001858, Rule-ID|SV-256340r885631_rule, STIG-ID|VCSA-70-000150, Vuln-ID|V-256340

Plugin: VMware

Control ID: 37b0c3e5c67c0a1855c9f1383cd29bedafad700eb675d8f44df5366e49667b10