UCF STIG Viewer Logo

The auditing process DOES NOT record security relevant actions such as the changing of security levels or categories of information


Overview

Finding ID Version Rule ID IA Controls Severity
V-8546 DSN15.07 SV-9043r1_rule ECAR-1 ECAR-2 ECAR-3 ECSC-1 Medium
Description
Requirement: The IAO will ensure that the auditing process records security relevant actions (e.g., the changing of security levels or categories of information). Security relevant actions such as the following should be recorded to provide an effective security audit process: - Logons and logouts - Excessive logon attempts/failures - Remote system access - Change in privileges or security attributes - Change of security levels or categories of information - Failed attempts to access restricted system privilege levels or data files - Audit file access (if possible) - Password changes - Device configuration changes The information that each audit record should have is as follows: - Date and time of the event - Origin of the request (e.g., terminal ID) - Unique ID of the user who initiated the event - Type of event - Success or failure - Description of modification to configurations
STIG Date
Defense Switched Network (DSN) STIG 2017-01-19

Details

Check Text ( C-7690r1_chk )
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable.
Fix Text (F-7968r1_fix)
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.