CCI|CCI-001858

Title

Provide an alert in an organization-defined real-time-period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Reference Item Details

Category: 2024

Audit Items

Name | Plugin | Audit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | Windows | DISA Windows Vista STIG v6r41
AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple macOS 11 v1r5
APPL-11-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple macOS 11 v1r8
APPL-12-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple macOS 12 v1r9
APPL-13-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | Unix | DISA STIG Apple macOS 13 v1r4
APPL-14-001031 - The macOS system must configure audit failure notification. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-001031 - The macOS system must configure audit failure notification. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1
ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events. | Arista | DISA STIG Arista MLS EOS 4.2x NDM v2r1
Big Sur - Configure Audit Failure Notification | Unix | NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure Audit Failure Notification | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Audit Failure Notification | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Audit Failure Notification | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure Audit Failure Notification | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Failure Notification | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - From-address | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - Logging Errors | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - Recipient-address | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - Severity | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - smtp | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging host | Cisco | DISA STIG Cisco ASA NDM v2r1
CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging trap | Cisco | DISA STIG Cisco ASA NDM v2r1
CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events - logging host | Cisco | DISA STIG Cisco ASA VPN v2r1
CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events - logging trap | Cisco | DISA STIG Cisco ASA VPN v2r1
Catalina - Configure Audit Failure Notification | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure Audit Failure Notification | Unix | NIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure Audit Failure Notification | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Audit Failure Notification | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Failure Notification | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure Audit Failure Notification | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
CD12-00-002700 - PostgreSQL must provide an immediate alert to appropriate support staff of all audit log failures. | PostgreSQLDB | DISA STIG Crunchy Data PostgreSQL DB v3r1
CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | Cisco | DISA STIG Cisco IOS Router NDM v3r1
CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | Cisco | DISA STIG Cisco IOS XE Router NDM v3r1
CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | Cisco | DISA STIG Cisco IOS-XR Router NDM v3r1
CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | Cisco | DISA STIG Cisco NX-OS Switch NDM v3r1
CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | Cisco | DISA STIG Cisco IOS XE Switch NDM v3r1
CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | Cisco | DISA STIG Cisco IOS Switch NDM v3r1
DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | Unix | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | Windows | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | IBM_DB2DB | DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-003340 - Log aggregation/SIEM systems must be configured to notify SA and ISSO on Docker Engine - Enterprise audit failure events. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v2r1
FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | FortiGate | DISA Fortigate Firewall NDM STIG v1r4
FNFG-FW-000105 - If communication with the central audit server is lost, the FortiGate firewall must generate a real-time alert to, at a minimum, the SCA and ISSO. | FortiGate | DISA Fortigate Firewall STIG v1r3
JUEX-NM-000420 - The Juniper EX switch must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts. | Juniper | DISA Juniper EX Series Network Device Management v2r1
JUNI-ND-000990 - The Juniper router must be configured to generate an alert for all audit failure events. | Juniper | DISA STIG Juniper Router NDM v3r1
JUSX-DM-000059 - The Juniper SRX Services Gateway must generate an immediate system alert message to the management console when a log processing failure is detected. | Juniper | DISA Juniper SRX Services Gateway NDM v3r1