800-53|SI-4(5)

Title

SYSTEM-GENERATED ALERTS

Description

The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization-defined compromise indicators].

Supplemental

Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers.

Reference Item Details

Related: AU-5,PE-6

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.4.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.6.3 Configure Netflow on Strategic Ports | Cisco | CIS Cisco NX-OS L2 v1.1.0
1.12 Ensure host-based intrusion detection tool is used - mcafeetp package | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure host-based intrusion detection tool is used - mfetpd process | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.1.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
2.1.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
2.2 Enable Auto-Notification of Outdated Plugins | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.2 Enable Auto-Notification of Outdated Plugins | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 15.0 Sequoia v1.0.0 L1
2.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 13.0 Ventura v3.0.0 L1
2.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 14.0 Sonoma v2.0.0 L1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
2.3 Enable Information Bar for Outdated Plugins | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.3 Enable Information Bar for Outdated Plugins | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.4.1.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v3.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.14 v2.0.0 L1
3.3.2 Configure Storm Control | Cisco | CIS Cisco NX-OS L2 v1.1.0
4.1 Ensure a SNS topic is created for sending out notifications from Cloudtwatch Alarms and Auto-Scaling Groups - CloudwatchAlarms | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
4.2 Ensure a SNS topic is created for sending out notifications from RDS events - RDS Event Subscriptions | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.3 Block Reported Web Forgeries | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
8.3 Block Reported Web Forgeries | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
Alertmail server not configured or this feature is not available on the device | FortiGate | TNS Fortigate FortiOS Best Practices v2.0.0
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - basic-threat | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - From-address | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - logging severity | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - Recipient-address | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - scanning-threat | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - smtp | Cisco | DISA STIG Cisco ASA FW v2r1
Display a notification - DomainProfile | Windows | MSCT Windows 10 1803 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v2004 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v21H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 1903 v1.19.9
Display a notification - Private Profile | Windows | MSCT Windows 10 v21H1 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 11 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 11 v23H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v20H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 11 v24H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows Server 2012 R2 DC v1.0.0