UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Automated audit reporting tools must be available.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18878 EMG3-079 EMail SV-20669r2_rule ECRG-1 Medium
Description
Monitors are automated “process watchers” that respond to performance changes, and can be useful in detecting outages and alerting administrators where attention is needed. Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. However, audit record collection may quickly overwhelm storage resources and an auditor’s ability to review it in a productive manner. Add to that, an audit trail that is not monitored for detection of suspicious activities provides little value. Regular or daily review of audit logs not only leads to the earliest possible notice of a compromise, but can also minimize the extent of the compromise. Automated Log Monitoring gives the additional boost to the monitoring process, in that noteworthy events are more immediately detected, provided they have been defined to the automated monitoring process. Log data can be mined for specific events, and upon detection, they can be analyzed to provide choices for alert methods, reports, trend analyses, attack scenario solutions.
STIG Date
Email Services Policy STIG 2013-12-11

Details

Check Text ( C-22523r2_chk )
Access the EDSP for description of automated audit trail review tool. Review automated tool usage artifacts or reports with audit trail result data.

If automated tools are available for review and reporting on email server audit records, this is not a finding.
Fix Text (F-19576r2_fix)
Implement automated reporting tools for Email Server audit records. Document the specifics in the EDSP.