The ISSO must ensure an acknowledgement message identifying a reference to the potential security violation is logged and it contains a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm, at the remote administrator session that received the alarm.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-14656	NET0398	SV-15282r2_rule	ECAR-1 ECAR-2 ECAR-3 ECSC-1	Low

Description
Acknowledging the alert could be a single event, or different events. In addition, assurance is required that each administrator that received the alarm message also receives the acknowledgement message, which includes some form of reference to the alarm message, who acknowledged the message and when.

STIG	Date
Firewall Security Technical Implementation Guide - Cisco	2017-12-07

Details

Check Text ( C-12671r2_chk )
The firewall shall display an acknowledgement message identifying a reference to the potential security violation, a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm at the remote administrator sessions that received the alarm. Have the administrator verify these capabilities. If the notifications do not include the proper references, this is a finding.

Check Text ( C-12671r2_chk )

The firewall shall display an acknowledgement message identifying a reference to the potential security violation, a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm at the remote administrator sessions that received the alarm.

Have the administrator verify these capabilities.

If the notifications do not include the proper references, this is a finding.

Fix Text (F-14115r1_fix)
Configure the firewall to send acknowledge messages to administrators, referencing the alarm, who acknowledged the alarm, and timestamps.