The system vulnerability assessment tool, host-based intrusion detection tool, and file integrity tool must notify the SA and the IAO of a security breach or a suspected security breach.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-12028	GEN006560	SV-35159r1_rule	ECAT-1 ECAT-2	Medium

Description
Timely notifications of potential security compromises minimize the potential damage. Minimally, the system must log these events and the SA and the IAO will receive the notifications during the daily system log review. If feasible, active alerting (such as e-mail or paging) should be employed consistent with the site’s established operations management systems and procedures.

STIG	Date
HP-UX 11.23 Security Technical Implementation Guide	2015-06-12

Details

Check Text ( C-36725r2_chk )
Ask the SA if any security tool application is loaded on the system. Security tool applications include, but are not limited to, antivirus, file integrity, root kit detection, host-based intrusion detection, and vulnerability assessment tools. For each security tool on the system, determine if the tool is configured to notify the IAO and SA of any detected security problem. If such notifications are not configured, this is a finding.

Check Text ( C-36725r2_chk )

Ask the SA if any security tool application is loaded on the system. Security tool applications include, but are not limited to, antivirus, file integrity, root kit detection, host-based intrusion detection, and vulnerability assessment tools. For each security tool on the system, determine if the tool is configured to notify the IAO and SA of any detected security problem. If such notifications are not configured, this is a finding.

Fix Text (F-32106r1_fix)
Configure the security tools on the system to notify the IAO and SA when any security issues are detected.