STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Applications categorized as having a moderate or high impact must provide an immediate real-time alert to the SA and ISSO (at a minimum) for all audit failure events.

DISA Rule

SV-222484r508029_rule

Vulnerability Number

V-222484

Group Title

SRG-APP-000360

Rule Version

APSC-DV-001100

Severity

CAT II

CCI(s)

CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

Fix Recommendation

Configure the log alerts to send an alarm when the audit system is in danger of failing or has failed.

Configure the log alerts to be immediately sent to the application admin/SA and ISSO.

Check Contents

Review system documentation and interview application administrator for details regarding application security categorization and logging configuration.

If the application utilizes a centralized logging system that provides the real-time alarms, this requirement is not applicable.

Review application log alert configuration.

Identify audit failure events and associated alarming configuration.

If the application is categorized as having a moderate or high impact and is not configured to provide a real-time alert that indicates the audit system has failed or is failing, this is a finding.

Applications categorized as having a moderate or high impact must provide an immediate real-time alert to the SA and ISSO (at a minimum) for all audit failure events.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments