The Juniper router must be configured to generate an alert for all audit failure events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-217333 | JUNI-ND-000990 | SV-217333r991991_rule | CCI-001858 | medium |
| Description | ||||
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less). | ||||
| STIG | Date | |||
| Juniper Router NDM Security Technical Implementation Guide | 2024-12-05 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-5(2)
1.00
- DISA · V3R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001858
1.00
- DISA · V3R2 · disa_xccdf · related
Details
Check Text (C-217333r991991_chk)
Review the router configuration to verify that it is compliant with this requirement as shown in the example below.
system {
syslog {
host x.x.x.x {
any critical;
}
}
Note: The parameter "critical" can be replaced with a lesser severity level (i.e., error, warning, notice, info).
If the router is not configured to generate an alert for all audit failure events, this is a finding.
Fix Text (F-18558r296578_fix)
Configure the router to send critical to emergency log messages to the syslog server as shown in the example below.
set syslog host x.x.x.x any critical
Note: The parameter "critical" can replaced with a lesser severity level (i.e., error, warning, notice, info).