CCI|CCI-002664

Title

Alert organization-defined personnel or roles when organization-defined compromise indicators generate the occurrence of a compromise or a potential compromise.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - basic-threat	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - From-address	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - logging severity	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - Recipient-address	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - scanning-threat	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - smtp	Cisco	DISA STIG Cisco ASA FW v2r1
FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected - enc-algorithm	FortiGate	DISA Fortigate Firewall STIG v1r3
FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set certificate	FortiGate	DISA Fortigate Firewall STIG v1r3
FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set mode	FortiGate	DISA Fortigate Firewall STIG v1r3
FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set server	FortiGate	DISA Fortigate Firewall STIG v1r3
JUSX-AG-000146 - The Juniper SRX Services Gateway Firewall must generate an alert to, at a minimum, the ISSO and ISSM when unusual/unauthorized activities or conditions are detected during continuous monitoring of communications traffic as it traverses inbound or outbound across internal security boundaries.	Juniper	DISA Juniper SRX Services Gateway ALG v3r2
JUSX-AG-000147 - The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources are detected.	Juniper	DISA Juniper SRX Services Gateway ALG v3r2
JUSX-AG-000150 - The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when DoS incidents are detected.	Juniper	DISA Juniper SRX Services Gateway ALG v3r2
JUSX-IP-000023 - The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise.	Juniper	DISA Juniper SRX Services Gateway IDPS v2r1
JUSX-IP-000024 - The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected.	Juniper	DISA Juniper SRX Services Gateway IDPS v2r1
JUSX-IP-000025 - The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected.	Juniper	DISA Juniper SRX Services Gateway IDPS v2r1
PANW-AG-000118 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected.	Palo_Alto	DISA STIG Palo Alto ALG v3r2
PANW-AG-000119 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software which allows unauthorized privileged access is detected.	Palo_Alto	DISA STIG Palo Alto ALG v3r2
PANW-AG-000120 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software which allows unauthorized non-privileged access is detected.	Palo_Alto	DISA STIG Palo Alto ALG v3r2
PANW-AG-000121 - The Palo Alto Networks security platform must generate a log record that can be used to send an alert to, at a minimum, the information system security officer (ISSO) and information system security manager (ISSM) when denial-of-service (DoS) incidents are detected.	Palo_Alto	DISA STIG Palo Alto ALG v3r2
PANW-AG-000122 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected.	Palo_Alto	DISA STIG Palo Alto ALG v3r2
PANW-IP-000051 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected which indicate a compromise or potential for compromise.	Palo_Alto	DISA STIG Palo Alto IDPS v3r1
PANW-IP-000052 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected.	Palo_Alto	DISA STIG Palo Alto IDPS v3r1
PANW-IP-000053 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software which allows unauthorized privileged or non-privileged access is detected.	Palo_Alto	DISA STIG Palo Alto IDPS v3r1
PANW-IP-000055 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected.	Palo_Alto	DISA STIG Palo Alto IDPS v3r1
PANW-IP-000056 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected.	Palo_Alto	DISA STIG Palo Alto IDPS v3r1
SYMP-AG-000660 - Symantec ProxySG providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur.	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3
SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - Client limits	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3
SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - DoS incidents are detected. Rules	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3

Detections

Analytics

CCI|CCI-002664

Title

Reference Item Details

Audit Items