UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ISSO must ensure an acknowledgement message identifying a reference to the potential security violation is logged and it contains a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm, at the remote administrator session that received the alarm.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14656 NET0398 SV-15282r2_rule ECAR-1 ECAR-2 ECAR-3 ECSC-1 Low
Description
Acknowledging the alert could be a single event, or different events. In addition, assurance is required that each administrator that received the alarm message also receives the acknowledgement message, which includes some form of reference to the alarm message, who acknowledged the message and when.
STIG Date
Firewall Security Technical Implementation Guide - Cisco 2016-12-21

Details

Check Text ( C-12671r2_chk )
The firewall shall display an acknowledgement message identifying a reference to the potential security violation, a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm at the remote administrator sessions that received the alarm.

Have the administrator verify these capabilities.

If the notifications do not include the proper references, this is a finding.
Fix Text (F-14115r1_fix)
Configure the firewall to send acknowledge messages to administrators, referencing the alarm, who acknowledged the alarm, and timestamps.