800-53|SI-4(5)

Title

SYSTEM-GENERATED ALERTS

Description

The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization-defined compromise indicators].

Supplemental

Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers.

Reference Item Details

Related: AU-5, PE-6

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.12 Ensure host-based intrusion detection tool is used - mcafeetp package | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure host-based intrusion detection tool is used - mfetpd process | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2 Enable Auto-Notification of Outdated Plugins | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.2 Enable Auto-Notification of Outdated Plugins | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
2.3 Enable Information Bar for Outdated Plugins | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.3 Enable Information Bar for Outdated Plugins | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v1.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11 v2.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.15 v2.1.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.14 v2.0.0 L1
4.1 Ensure a SNS topic is created for sending out notifications from Cloudtwatch Alarms and Auto-Scaling Groups - CloudwatchAlarms | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
4.2 Ensure a SNS topic is created for sending out notifications from RDS events - RDS Event Subscriptions | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.10.3 Ensure Pod Security Policy is Enabled and set as appropriate | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L1
8.3 Block Reported Web Forgeries | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
8.3 Block Reported Web Forgeries | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
Alertmail server not configured or this feature is not available on the device | FortiGate | TNS Fortigate FortiOS Best Practices v2.0.0
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - basic-threat | Cisco | DISA STIG Cisco ASA FW v1r2
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - From-address | Cisco | DISA STIG Cisco ASA FW v1r2
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - logging severity | Cisco | DISA STIG Cisco ASA FW v1r2
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - Recipient-address | Cisco | DISA STIG Cisco ASA FW v1r2
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - scanning-threat | Cisco | DISA STIG Cisco ASA FW v1r2
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - smtp | Cisco | DISA STIG Cisco ASA FW v1r2
Display a notification - DomainProfile | Windows | MSCT Windows 10 1803 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v21H1 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v20H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v21H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 1809 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 1909 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v1507 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows Server 2012 R2 DC v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows Server 2012 R2 MS v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 1903 v1.19.9
Display a notification - Private Profile | Windows | MSCT Windows 10 v2004 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 10 v22H2 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 11 v1.0.0
Display a notification - Private Profile | Windows | MSCT Windows 11 v22H2 v1.0.0
Display a notification - PrivateProfile | Windows | MSCT Windows 10 1803 v1.0.0
Display a notification - Public Profile | Windows | MSCT Windows 10 v21H1 v1.0.0
Display a notification - Public Profile | Windows | MSCT Windows 10 1903 v1.19.9
Display a notification - Public Profile | Windows | MSCT Windows Server 2012 R2 DC v1.0.0