STIGhub
STIGs
RMF Controls
Compare
← SI-6 — Security and Privacy Function Verification
CCI-001294
Definition
Alert organization-defined personnel or roles of failed security verification tests.
Parent Control
SI-6
Security and Privacy Function Verification
System and Information Integrity
Linked STIG Checks (14)
V-222617
CAT III
The application must notify the ISSO and ISSM of failed security verification tests.
Application Security and Development Security Technical Implementation Guide
V-272634
CAT II
CylanceON-PREM must be configured to send alerts via Simple Mail Transfer Protocol (SMTP).
Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
V-276014
CAT I
Ax-OS must off-load audit records onto a different system or media than the system being audited.
Axonius Federal Systems Ax-OS Security Technical Implementation Guide
V-272371
CAT II
A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components based on selectable event criteria and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes.
BIND 9.x Security Technical Implementation Guide
V-205193
CAT II
The DNS server implementation must be configured to generate audit records for failed security verification tests so that the ISSO and ISSM can be notified of the failures.
Domain Name System (DNS) Security Requirements Guide
V-233927
CAT II
The Infoblox system must notify the ISSO and ISSM in the event of failed security verification tests.
Infoblox 8.x DNS Security Technical Implementation Guide
V-205527
CAT II
The Mainframe product must notify the system programmer and security administrator of failed security verification tests.
Mainframe Product Security Requirements Guide
V-273868
CAT II
Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.
Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide
V-273868
CAT II
Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.
Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide
V-215645
CAT II
The Windows 2012 DNS Server must be configured to notify the ISSO/ISSM/DNS administrator when functionality of DNSSEC/TSIG has been removed or broken.
Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide
V-259409
CAT II
The Windows DNS Server must be configured to notify the information system security officer (ISSO), information system security manager (ISSM), or DNS administrator when functionality of DNSSEC/TSIG has been removed or broken.
Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
V-254854
CAT II
The Tanium Operating System (TanOS) must notify the ISSO and ISSM of failed security verification tests.
Tanium 7.x Operating System on TanOS Security Technical Implementation Guide
V-241146
CAT II
Trend Deep Security must notify ISSO and ISSM of failed security verification tests.
Trend Micro Deep Security 9.x Security Technical Implementation Guide
V-234430
CAT II
The application must notify the Information System Security Manager (ISSM) and Information System Security Officer (ISSO) of failed security verification tests.
Unified Endpoint Management Server Security Requirements Guide