800-53|SI-4(5)

Title

SYSTEM-GENERATED ALERTS

Description

The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization-defined compromise indicators].

Supplemental

Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-5,PE-6

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.6.3 Configure Netflow on Strategic Ports	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.12 Ensure host-based intrusion detection tool is used - mcafeetp package	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure host-based intrusion detection tool is used - mfetpd process	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.1.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1
2.1.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
2.2 Enable Auto-Notification of Outdated Plugins	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.2 Enable Auto-Notification of Outdated Plugins	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L1
2.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
2.3 Enable Information Bar for Outdated Plugins	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.3 Enable Information Bar for Outdated Plugins	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.4.1.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 10.14 v2.0.0 L1
3.3.2 Configure Storm Control	Cisco	CIS Cisco NX-OS L2 v1.1.0
4.1 Ensure a SNS topic is created for sending out notifications from Cloudtwatch Alarms and Auto-Scaling Groups - CloudwatchAlarms	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
4.2 Ensure a SNS topic is created for sending out notifications from RDS events - RDS Event Subscriptions	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.3 Block Reported Web Forgeries	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
8.3 Block Reported Web Forgeries	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
Alertmail server not configured or this feature is not available on the device	FortiGate	TNS Fortigate FortiOS Best Practices v2.0.0
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - basic-threat	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - From-address	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - logging severity	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - Recipient-address	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - scanning-threat	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - smtp	Cisco	DISA STIG Cisco ASA FW v2r1
Display a notification - DomainProfile	Windows	MSCT Windows 10 1803 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 v2004 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 v21H2 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 1903 v1.19.9
Display a notification - Private Profile	Windows	MSCT Windows 10 v21H1 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 11 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 11 v23H2 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 v20H2 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 v1507 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 1809 v1.0.0
Display a notification - Private Profile	Windows	MSCT Windows 10 1909 v1.0.0

Detections

Analytics