The ALG must alert the IAO, IAM, and other individuals designated by the local organization when threats identified by Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000392-ALG-000143	SRG-NET-000392-ALG-000143	SRG-NET-000392-ALG-000143_rule		Medium

Description
When a security event occurs, the ALG must notify the appropriate support personnel to ensure action is taken to resolve the incident. Automated mechanisms can be used to send automatic alerts or notifications. Such automatic alerts or notifications can be conveyed in a variety of ways (e.g., telephonically, via electronic mail, via text message, or via websites). CJCSM 6510.01B, “Cyber Incident Handling Program” lists nine Cyber Incident and Reportable Event Categories. Indications of a category 1, 2, 4, or 7 incident or indications of threats identified by a CTO must immediately trigger an alert to the IAO, IAM, and other authorized security personnel. Category 1 - Root Level Intrusion (Incident) Category 2 - User Level Intrusion (Incident) Category 4 - Denial of Service (Incident) Category 7 - Malicious Logic (Incident)

Description

When a security event occurs, the ALG must notify the appropriate support personnel to ensure action is taken to resolve the incident. Automated mechanisms can be used to send automatic alerts or notifications. Such automatic alerts or notifications can be conveyed in a variety of ways (e.g., telephonically, via electronic mail, via text message, or via websites). CJCSM 6510.01B, “Cyber Incident Handling Program” lists nine Cyber Incident and Reportable Event Categories. Indications of a category 1, 2, 4, or 7 incident or indications of threats identified by a CTO must immediately trigger an alert to the IAO, IAM, and other authorized security personnel. Category 1 - Root Level Intrusion (Incident) Category 2 - User Level Intrusion (Incident) Category 4 - Denial of Service (Incident) Category 7 - Malicious Logic (Incident)

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000392-ALG-000143_chk )
Verify the ALG is configured to send an alert to the IAO, IAM, and organizationally identified individuals when threats identified by Category I, II, IV, and VII incidents are detected. If the ALG is not configured to send an alert to the IAO, IAM, and organizationally identified individuals when threats identified by Category I, II, IV, and VII incidents are detected, this is a finding.

Fix Text (F-SRG-NET-000392-ALG-000143_fix)
Configure the ALG to send an alert to the IAO, IAM, and organizationally identified individuals when threats identified by Category I, II, IV, and VII incidents are detected.