UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must provide a real-time alert when organizationally defined audit failure events occur.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000085-NDM-000059 SRG-NET-000085-NDM-000059 SRG-NET-000085-NDM-000059_rule Low
Description
Auditing and logging are key components of any security architecture. System administrators need to be notified as soon as possible of possible events which may have adverse security implications. If auditing of user actions cannot occur because of an audit failure, forensic evidence provided by this critical part of the audit trail will be lost. The warning notice that the space allocated for network device audit trail storage is reaching maximum capacity must be sent to the administrators for both the organization's audit log server and the network device. Because there can be a delay between the update of the central audit server and the network device application event, a good best practice is to configure this alert to generate directly from the network device. However, an alert from the organization's central audit log server is also acceptable providing it is real-time.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000085-NDM-000059_chk )
View the list of alerts configured on the network device. Determine if a real-time alert is generated and sent to designated personnel upon audit log failure.

If the system does not provide a real-time alert when organizationally defined audit failure events occur, this is a finding.
Fix Text (F-SRG-NET-000085-NDM-000059_fix)
Configure the network device to provide a real-time alert (e.g., via email) for organizationally defined audit failure events.