800-53|SI-6c.

Title

SECURITY FUNCTION VERIFICATION

Description

Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
BIND-9X-001010 - A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes - category	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001010 - A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes - channel	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001010 - A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes - logging	Unix	DISA BIND 9.x STIG v2r2
VCWN-06-000048 - The system must alert administrators on permission creation operations.	VMware	DISA STIG VMware vSphere vCenter 6.x v1r4
VCWN-06-000049 - The system must alert administrators on permission deletion operations.	VMware	DISA STIG VMware vSphere vCenter 6.x v1r4
VCWN-06-000050 - The system must alert administrators on permission update operations.	VMware	DISA STIG VMware vSphere vCenter 6.x v1r4
VCWN-65-000048 - The vCenter Server for Windows must alert administrators on permission creation operations.	VMware	DISA STIG VMware vSphere vCenter 6.5 v2r3
VCWN-65-000049 - The vCenter Server for Windows must alert administrators on permission deletion operations.	VMware	DISA STIG VMware vSphere vCenter 6.5 v2r3
VCWN-65-000050 - The vCenter Server for Windows must alert administrators on permission update operations.	VMware	DISA STIG VMware vSphere vCenter 6.5 v2r3
WDNS-SI-000008 - The Windows 2012 DNS Server must be configured to notify the ISSO/ISSM/DNS administrator when functionality of DNSSEC/TSIG has been removed or broken.	Windows	DISA Microsoft Windows 2012 Server DNS STIG v2r5

Detections

Analytics

800-53|SI-6c.

Title

Description

Reference Item Details

Audit Items