800-53|SI-4(12)

Title

AUTOMATED ALERTS

Description

The organization employs automated mechanisms to alert security personnel of the following inappropriate or unusual activities with security implications: [Assignment: organization-defined activities that trigger alerts].

Supplemental

This control enhancement focuses on the security alerts generated by organizations and transmitted using automated means. In contrast to the alerts generated by information systems in SI-4(5), which tend to focus on information sources internal to the systems (e.g., audit records), the sources of information for this enhancement can include other entities as well (e.g., suspicious activity reports, reports on potential insider threats).

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-18,IA-3

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
5.4 Set 'Turn on certificate address mismatch warning' to 'Enabled'	Windows	CIS IE 11 v1.0.0
5.4 Set 'Turn on certificate address mismatch warning' to 'Enabled'	Windows	CIS IE 10 v1.1.0
8.1.15 Set 'Launching programs and unsafe files' to 'Enabled:Disable'	Windows	CIS IE 10 v1.1.0
8.1.15 Set 'Launching programs and unsafe files' to 'Enabled:Disable'	Windows	CIS IE 11 v1.0.0
8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt'	Windows	CIS IE 11 v1.0.0
8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt'	Windows	CIS IE 10 v1.1.0
DTBI015 - The IE warning about certificate address mismatch must be enforced.	Windows	DISA STIG Microsoft Internet Explorer 9 v1r15
DTBI820 - Launching programs and unsafe files property must be set to prompt (Internet zone).	Windows	DISA STIG Microsoft Internet Explorer 9 v1r15
DTBI870 - Launching programs and unsafe files property must be set to prompt (Restricted Site zone).	Windows	DISA STIG Microsoft Internet Explorer 9 v1r15
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B.	F5	DISA F5 BIG-IP Device Management STIG v2r3
FireEye - System events are emailed to administrators	FireEye	TNS FireEye
PANW-NM-000131 - The Palo Alto Networks security platform must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B.	Palo_Alto	DISA STIG Palo Alto NDM v2r2
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server v1909 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 1903 DC v1.19.9
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server v1909 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server v2004 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 2019 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 1809 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 v21H2 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 v20H2 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 11 v23H2 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 1903 MS v1.19.9
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 11 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT MSCT Windows Server 2022 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 2016 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server v20H2 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 2022 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server v2004 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 2019 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server 2016 DC v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows Server v20H2 MS v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 v1507 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 1909 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 1803 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 v2004 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 1903 v1.19.9
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 v22H2 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 10 v21H1 v1.0.0
Show security warning for potentially unsafe files - Internet Zone	Windows	MSCT Windows 11 v22H2 v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server v2004 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows 11 v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server v1909 MS v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server v1909 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server v2004 MS v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server 2019 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server 2022 v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server v20H2 MS v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows Server 2016 DC v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows 10 1909 v1.0.0
Show security warning for potentially unsafe files - Restricted Sites Zone	Windows	MSCT Windows 10 1803 v1.0.0

Detections

Analytics