STIGQter: STIG Summary: Central Log Server Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

For devices and hosts within its scope of coverage, the Central Log Server must notify the System Administrator (SA) and Information System Security Officer (ISSO) when events indicating account disabling actions are received.

DISA Rule

SV-95847r1_rule

Vulnerability Number

V-81133

Group Title

SRG-APP-000293-AU-000430

Rule Version

SRG-APP-000293-AU-000430

Severity

CAT III

CCI(s)

• CCI-001685 - The information system notifies organization-defined personnel or roles for account disabling actions.

Weight

10

Fix Recommendation

Configure the Central Log Server to notify the SA and ISSO when events indicating account disabling actions are received for all devices and hosts within its scope of coverage.

Check Contents

Note: This is not applicable (NA) if notifications are performed by another device.

Examine the configuration.

Verify the Central Log Server is configured to notify the SA and ISSO when events indicating account disabling actions are received for all devices and hosts within its scope of coverage.

If the Central Log Server does not notify the SA and ISSO when events indicating account disabling actions are received, this is a finding.

Vulnerability Number

V-81133

Documentable

False

Rule Version

SRG-APP-000293-AU-000430

Severity Override Guidance

Note: This is not applicable (NA) if notifications are performed by another device.

Examine the configuration.

Verify the Central Log Server is configured to notify the SA and ISSO when events indicating account disabling actions are received for all devices and hosts within its scope of coverage.

If the Central Log Server does not notify the SA and ISSO when events indicating account disabling actions are received, this is a finding.

Check Content Reference

M

Target Key

3395

Comments