Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16843 | APP6130 | SV-17843r1_rule | ECAT-2 | Low |
Description |
---|
For critical and classified systems, an automated, continuous on-line monitoring and audit trail creation capability must be deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user configurable capability to automatically disable the system if serious IA violations are detected. This protects the system from serious data compromises. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-04-03 |
Check Text ( C-17850r1_chk ) |
---|
Interview the application representative and determine if any logs are being automatically monitored and if alerts are sent out on any activities. 1) If there are no automated alerts, this is a finding. |
Fix Text (F-17165r1_fix) |
---|
Modify the application to implement automatic monitoring and alerts. |