
The ISSO must ensure an acknowledgement message identifying a reference to the potential security violation is logged and it contains a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm, at the remote administrator session that received the alarm.


Overview

Finding ID: V-14656
Version: NET0398
Rule ID: SV-15282r2_rule
IA Controls: ECAR-1, ECAR-2, ECAR-3, ECSC-1
Severity: Low
Description
Acknowledging the alert could be a single event or several different events. In addition, assurance is required that each administrator who received the alarm message also receives the acknowledgement message, which includes some form of reference to the alarm message, who acknowledged the message, and when.
STIG: Firewall Security Technical Implementation Guide - Cisco
Date: 2017-12-07

Details

Check Text (C-12671r2_chk)
The firewall shall display an acknowledgement message identifying a reference to the potential security violation, a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm at the remote administrator sessions that received the alarm.

Have the administrator verify these capabilities.

If the notifications do not include the proper references, this is a finding.
Fix Text (F-14115r1_fix)
Configure the firewall to send acknowledgement messages to administrators, referencing the alarm, who acknowledged the alarm, and timestamps.