The IDPS must assign a critical severity level to all audit processing failures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-206904 | SRG-NET-000335-IDPS-00223 | SV-206904r856542_rule | CCI-001858 | medium |

| Description |
| --- |
| It is critical that when the IDPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Since action must be taken immediately, these messages will be designated as a critical severity level and this level must be sent as part of the alert message. |

| STIG | Date |
| --- | --- |
| Intrusion Detection and Prevention Systems Security Requirements Guide | 2025-05-19 |
Details
Check Text (C-206904r856542_chk)
Verify the IDPS assigns a critical severity level to all audit processing failures.
If the IDPS does not assign a critical severity level to all audit processing failures, this is a finding.
Fix Text (F-7158r298225_fix)
Configure the IDPS to assign a critical severity level to all audit processing failures.
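
One way to automate the check against exported alerts, as an added example that is not part of the SRG or of any vendor's tooling. It assumes the IDPS sends alerts as syslog with a PRI field, that "critical" maps to syslog severity 2 (more severe levels also pass), and that the keyword patterns and sample lines, which are constructed here, stand in for a product's real message IDs.

```python
import re

# Syslog PRI = facility * 8 + severity (RFC 5424); severity 2 is "Critical".
CRITICAL = 2
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Hypothetical patterns for the three failure categories named in the
# Description; a real product would be matched on its own message IDs.
FAILURE_PATTERNS = {
    "software/hardware error": re.compile(r"audit (daemon|process|subsystem) (crash|error|fault)", re.I),
    "capture mechanism failure": re.compile(r"audit (capture|logging) (failed|stopped|unavailable)", re.I),
    "storage capacity": re.compile(r"audit (log )?(storage|volume|disk) (full|exceeded|at capacity)", re.I),
}

def parse_severity(line):
    """Return the syslog severity (0-7) from the PRI field, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = highest valid PRI (facility 23, severity 7)
        return None
    return int(m.group(1)) % 8

def classify(line):
    """Return the audit-failure category a message falls in, or None."""
    for category, pattern in FAILURE_PATTERNS.items():
        if pattern.search(line):
            return category
    return None

def find_findings(lines):
    """List (line_no, category, severity) for audit failures not sent at critical or above."""
    findings = []
    for n, line in enumerate(lines, 1):
        category = classify(line)
        if category is None:
            continue  # not an audit processing failure; out of scope for this rule
        sev = parse_severity(line)
        if sev is None or sev > CRITICAL:  # a missing severity also fails the check
            findings.append((n, category, "missing" if sev is None else SEVERITY_NAMES[sev]))
    return findings

# Constructed sample alerts (not from any real product).
SAMPLE = [
    "<130>1 2025-05-19T10:00:00Z ids01 sensor - - - Audit log storage full on /var/audit",
    "<132>1 2025-05-19T10:01:00Z ids01 sensor - - - Audit capture failed: ring buffer overrun",
    "<134>1 2025-05-19T10:02:00Z ids01 sensor - - - Signature update completed",
    "2025-05-19T10:03:00Z ids01 sensor Audit daemon crash detected",
    "<129>1 2025-05-19T10:04:00Z ids01 sensor - - - Audit subsystem fault: disk controller",
]
```

Any tuple returned by `find_findings` corresponds to "this is a finding" in the Check Text: an audit processing failure whose alert carried a lower severity or no severity at all.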