
The ALG must alert the IAO, IAM, and other individuals designated by the local organization when threats identified by Category I, II, IV, and VII incidents are detected, in accordance with CJCSM 6510.01B.


Overview

Finding ID: SRG-NET-000392-ALG-000143
Version: SRG-NET-000392-ALG-000143
Rule ID: SRG-NET-000392-ALG-000143_rule
IA Controls: (none listed)
Severity: Medium
Description
When a security event occurs, the ALG must notify the appropriate support personnel to ensure action is taken to resolve the incident. Automated mechanisms can be used to send automatic alerts or notifications. Such automatic alerts or notifications can be conveyed in a variety of ways (e.g., telephonically, via electronic mail, via text message, or via websites).

CJCSM 6510.01B, “Cyber Incident Handling Program”, lists nine Cyber Incident and Reportable Event Categories. Indications of a category 1, 2, 4, or 7 incident or indications of threats identified by a CTO must immediately trigger an alert to the IAO, IAM, and other authorized security personnel.

Category 1 - Root Level Intrusion (Incident)
Category 2 - User Level Intrusion (Incident)
Category 4 - Denial of Service (Incident)
Category 7 - Malicious Logic (Incident)
STIG: Application Layer Gateway Security Requirements Guide
Date: 2014-06-27

Details

Check Text (C-SRG-NET-000392-ALG-000143_chk)
Verify the ALG is configured to send an alert to the IAO, IAM, and organizationally identified individuals when threats identified by Category I, II, IV, and VII incidents are detected.

If the ALG is not configured to send an alert to the IAO, IAM, and organizationally identified individuals when threats identified by Category I, II, IV, and VII incidents are detected, this is a finding.
Fix Text (F-SRG-NET-000392-ALG-000143_fix)
Configure the ALG to send an alert to the IAO, IAM, and organizationally identified individuals when threats identified by Category I, II, IV, and VII incidents are detected.