Details

The ISSO must ensure the alarm message identifying the potential security violation makes accessible the audit record contents associated with the event(s).

The relevant audit information must be available to administrators. The firewall shall immediately display an alarm message, identifying the potential security violation and make accessible the audit record contents associated with the event(s) that generated the alarm.

NOTE: This check is a manual review. Determine if the alarm messages contain, or make available, the content of the associated event(s).

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the firewall to write violations to the console and make accessible the audit record contents.

Supportive Information

The following resource is also helpful.

• https://iasecontent.disa.mil/stigs/zip/U_Network_Firewall_V8R25_STIG.zip

This control applies to the following type of system Cisco.

References

• CAT|III
• Rule-ID|SV-15279r2_rule
• STIG-ID|NET0395
• Vuln-ID|V-14653

Source

• Tenable.com/audits