CCI|CCI-001858

Title

The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows Server 2008 MS STIG v6r46
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows 7 STIG v1r32
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows Server 2008 R2 DC STIG v1r34
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows Vista STIG v6r41
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows Server 2008 DC STIG v6r47
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows Server 2008 R2 MS STIG v1r33
AOSX-09-000310 - System must provide an immediate real-time alert to the SA and ISSO of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.9 v1r2
AOSX-10-000310 - System must provide an immediate real-time alert to the SA and ISSO of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.10 v1r5
AOSX-11-000310 - The system must provide an immediate real-time alert of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.11 v1r6
AOSX-12-000310 - The OS X system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.12 v1r6
AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.13 v2r1
AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.13 v2r3
AOSX-14-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.14 v2r1
AOSX-14-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.14 v2r5
AOSX-14-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.15 v1r3
AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.15 v1r5
AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple Mac OSX 10.15 v1r7
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 11 v1r7
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 11 v1r1
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 11 v1r3
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 11 v1r6
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 12 V1R2
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 12 v1r3
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 12 v1r4
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 12 v1r5
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 12 v1r7
APPL-13-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 13 v1r1
APPL-13-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 13 v1r2
APPL-13-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	Unix	DISA STIG Apple macOS 13 v1r3
APPL-14-001031 - The macOS system must configure audit failure notification.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v1r1
Big Sur - Configure Audit Failure Notification	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure Audit Failure Notification	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Audit Failure Notification	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Audit Failure Notification	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure Audit Failure Notification	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Failure Notification	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - From-address	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - From-address	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - From-address	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - Logging Errors	Cisco	DISA STIG Cisco ASA FW v1r3

Detections

Analytics

CCI|CCI-001858

Title

Reference Item Details

Audit Items