Check: SRC-EPT-440
SRC - Remote Endpoint:
SRC-EPT-440
(in version v2 r7)
Title
The remote user will be trained to inspect the firewall logs at least weekly and report any unusual events or suspicious activity to their security officer. (Cat III impact)
Discussion
Log review is an important step in determining if potentially malicious activity has occurred and then can be reported.
Check Content
Inspect the training or user agreement documentation. Verifiy that the users are informed of this requirement. If the user is unaware of this requirement or does not perform this task at least weekly, this is a finding.
Fix Text
Develop and implement procedures to review audit data.
Additional Identifiers
Rule ID: SV-6812r1_rule
Vulnerability ID: V-6664
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |