Check: HYCU-ND-000430
HYCU Protege STIG:
HYCU-ND-000430
(in version v1 r1)
Title
The HYCU virtual appliance must generate an immediate real-time alert of all audit failure events requiring real-time alerts. (Cat II impact)
Discussion
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Satisfies: SRG-APP-000360-NDM-000295, SRG-APP-000795-NDM-000130
Check Content
Log in to the HYCU Web UI and review the "Events" menu and "Email Notifications" to verify that all appropriate/relevant audit failure events are included in the "Category" drop-down menu. If these events are not shown (reference a recent event capturing a login to HYCU for validation), this is a finding.
Fix Text
Log in to the HYCU Web UI and go to the "Events" menu and open "Email Notifications". Ensure that all the appropriate/relevant categories are selected and that the "Status" includes failures. Add a "Subject" for the "Email Notifications" and email address for necessary auditors or HYCU administrators.
Additional Identifiers
Rule ID: SV-268254r1038704_rule
Vulnerability ID: V-268254
Group Title: SRG-APP-000360-NDM-000295
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001858 |
Provide an alert in an organization-defined real-time-period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur. |
| CCI-003831 |
Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. |
Controls
| Number | Title |
|---|---|
| AU-5(2) |
Real-time Alerts |