
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
CCI-002664

Definition

Alert organization-defined personnel or roles when organization-defined compromise indicators generate the occurrence of a compromise or a potential compromise.

Parent Control

SI-4 (5): System Monitoring (family: System and Information Integrity)

Linked STIG Checks (79)

Each entry reads: Vulnerability ID | Severity | Requirement | Source STIG or SRG

  • V-237054 | CAT II | The A10 Networks ADC must enable logging for packet anomaly events. | A10 Networks ADC ALG Security Technical Implementation Guide
  • V-237055 | CAT II | The A10 Networks ADC must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | A10 Networks ADC ALG Security Technical Implementation Guide
  • V-237056 | CAT II | The A10 Networks ADC must enable logging of Denial of Service (DoS) attacks. | A10 Networks ADC ALG Security Technical Implementation Guide
  • V-76445 | CAT II | Kona Site Defender providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur. | Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide
  • V-76447 | CAT II | Kona Site Defender providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide
  • V-76449 | CAT II | Kona Site Defender providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected. | Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide
  • V-205018 | CAT II | The ALG providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur. | Application Layer Gateway Security Requirements Guide
  • V-205019 | CAT II | The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | Application Layer Gateway Security Requirements Guide
  • V-205020 | CAT II | The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when root level intrusion events which provide unauthorized privileged access are detected. | Application Layer Gateway Security Requirements Guide
  • V-205021 | CAT II | The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when user level intrusions which provide non-privileged access are detected. | Application Layer Gateway Security Requirements Guide
  • V-205022 | CAT II | The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected. | Application Layer Gateway Security Requirements Guide
  • V-205023 | CAT II | The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | Application Layer Gateway Security Requirements Guide
  • V-237404 | CAT II | The CA API Gateway providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur. | CA API Gateway ALG Security Technical Implementation Guide
  • V-237405 | CAT II | The CA API Gateway providing content filtering must generate a notification on the console when root-level intrusion events that attempt to provide unauthorized privileged access are detected. | CA API Gateway ALG Security Technical Implementation Guide
  • V-237406 | CAT III | The CA API Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when user-level intrusions that provide non-privileged access are detected. | CA API Gateway ALG Security Technical Implementation Guide
  • V-237407 | CAT III | The CA API Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when Denial of Service (DoS) incidents are detected. | CA API Gateway ALG Security Technical Implementation Guide
  • V-237408 | CAT II | The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | CA API Gateway ALG Security Technical Implementation Guide
  • V-239872 | CAT II | The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected. | Cisco ASA Firewall Security Technical Implementation Guide
  • V-239892 | CAT II | The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when intrusion events are detected. | Cisco ASA IPS Security Technical Implementation Guide
  • V-239893 | CAT II | The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when threats are detected. | Cisco ASA IPS Security Technical Implementation Guide
  • V-239894 | CAT II | The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when DoS incidents are detected. | Cisco ASA IPS Security Technical Implementation Guide
  • V-239895 | CAT II | The Cisco ASA must generate an alert to organization-defined personnel and/or the firewall administrator when active propagation of malware or malicious code is detected. | Cisco ASA IPS Security Technical Implementation Guide
  • V-271070 | CAT II | The Dragos Platform must alert the information system security officer (ISSO), information system security manager (ISSM), and other individuals designated by the local organization when events are detected that indicate a compromise or potential for compromise. | Dragos Platform 2.x Security Technical Implementation Guide
  • V-266146 | CAT II | The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log. | F5 BIG-IP TMOS ALG Security Technical Implementation Guide
  • V-266262 | CAT III | The F5 BIG-IP appliance must generate an alert that can be forwarded to, at a minimum, the information system security officer (ISSO) and information system security manager (ISSM) when denial-of-service (DoS) incidents are detected. | F5 BIG-IP TMOS Firewall Security Technical Implementation Guide
  • V-206711 | CAT III | The firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected. | Firewall Security Requirements Guide
  • V-234158 | CAT III | The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. | Fortinet FortiGate Firewall Security Technical Implementation Guide
  • V-255243 | CAT II | SSMC must be configured to offload logs to a SIEM that is configured to alert the ISSO or SA when the local built-in admin account (ssmcadmin) is accessed. | HPE 3PAR SSMC Operating System Security Technical Implementation Guide
  • V-65293 | CAT II | The DataPower Gateway providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur. | IBM DataPower ALG Security Technical Implementation Guide
  • V-65295 | CAT II | The DataPower Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | IBM DataPower ALG Security Technical Implementation Guide
  • V-65297 | CAT II | The DataPower Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when root level intrusion events which provide unauthorized privileged access are detected. | IBM DataPower ALG Security Technical Implementation Guide
  • V-65299 | CAT II | The DataPower Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when user level intrusions which provide non-privileged access are detected. | IBM DataPower ALG Security Technical Implementation Guide
  • V-65301 | CAT II | The DataPower Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected. | IBM DataPower ALG Security Technical Implementation Guide
  • V-65303 | CAT II | The DataPower Gateway providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | IBM DataPower ALG Security Technical Implementation Guide
  • V-55385 | CAT II | The IDSP must send an alert to, at a minimum, the ISSM and ISSO when intrusion detection events are detected which indicate a compromise or potential for compromise. | Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
  • V-55387 | CAT II | The IDPS must send an alert to, at a minimum, the ISSM and ISSO when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected which indicate a compromise or potential for compromise. | Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
  • V-55389 | CAT II | The IDPS must generate an alert to, at a minimum, the ISSM and ISSO when root level intrusion events which provide unauthorized privileged access are detected. | Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
  • V-55391 | CAT II | The IDPS must send an alert to, at a minimum, the ISSM and ISSO when user level intrusions which provide non-privileged access are detected. | Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
  • V-55393 | CAT II | The IDPS must send an alert to, at a minimum, the ISSM and ISSO when denial of service incidents are detected. | Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
  • V-55395 | CAT II | The IDPS must generate an alert to, at a minimum, the ISSM and ISSO when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
  • V-206915 | CAT II | The IDPS must send an alert to, at a minimum, the information system security manager (ISSM) and information system security officer (ISSO) when intrusion detection events are detected which indicate a compromise or potential for compromise. | Intrusion Detection and Prevention Systems Security Requirements Guide
  • V-206916 | CAT II | The IDPS must send an alert to, at a minimum, the ISSM and ISSO when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected which indicate a compromise or potential for compromise. | Intrusion Detection and Prevention Systems Security Requirements Guide
  • V-206917 | CAT II | The IDPS must generate an alert to, at a minimum, the ISSM and ISSO when root level intrusion events which provide unauthorized privileged access are detected. | Intrusion Detection and Prevention Systems Security Requirements Guide
  • V-206918 | CAT II | The IDPS must send an alert to, at a minimum, the ISSM and ISSO when user level intrusions which provide non-privileged access are detected. | Intrusion Detection and Prevention Systems Security Requirements Guide
  • V-206919 | CAT II | The IDPS must send an alert to, at a minimum, the ISSM and ISSO when denial of service incidents are detected. | Intrusion Detection and Prevention Systems Security Requirements Guide
  • V-206920 | CAT II | The IDPS must generate an alert to, at a minimum, the ISSM and ISSO when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | Intrusion Detection and Prevention Systems Security Requirements Guide
  • V-66425 | CAT II | The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise. | Juniper SRX SG IDPS Security Technical Implementation Guide
  • V-66425 | CAT II | The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise. | Juniper SRX SG IDPS Security Technical Implementation Guide
  • V-66427 | CAT II | The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected. | Juniper SRX SG IDPS Security Technical Implementation Guide
  • V-66427 | CAT II | The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected. | Juniper SRX SG IDPS Security Technical Implementation Guide
  • V-66429 | CAT II | The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | Juniper SRX SG IDPS Security Technical Implementation Guide
  • V-66429 | CAT II | The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | Juniper SRX SG IDPS Security Technical Implementation Guide
  • V-214539 | CAT II | The Juniper SRX Services Gateway Firewall must generate an alert to, at a minimum, the ISSO and ISSM when unusual/unauthorized activities or conditions are detected during continuous monitoring of communications traffic as it traverses inbound or outbound across internal security boundaries. | Juniper SRX Services Gateway ALG Security Technical Implementation Guide
  • V-214540 | CAT II | The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources are detected. | Juniper SRX Services Gateway ALG Security Technical Implementation Guide
  • V-214541 | CAT II | The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | Juniper SRX Services Gateway ALG Security Technical Implementation Guide
  • V-214629 | CAT II | The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise. | Juniper SRX Services Gateway IDPS Security Technical Implementation Guide
  • V-214630 | CAT II | The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected. | Juniper SRX Services Gateway IDPS Security Technical Implementation Guide
  • V-214631 | CAT II | The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | Juniper SRX Services Gateway IDPS Security Technical Implementation Guide
  • V-272882 | CAT II | Microsoft Defender for Endpoint (MDE) must alert administrators on policy violations defined for endpoints. | Microsoft Defender for Endpoint Security Technical Implementation Guide
  • V-228870 | CAT II | The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-228871 | CAT II | The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software which allows unauthorized privileged access is detected. | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-228872 | CAT II | The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software that allows unauthorized nonprivileged access is detected. | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-228873 | CAT II | The Palo Alto Networks security platform must generate a log record that can be used to send an alert to, at a minimum, the information system security officer (ISSO) and information system security manager (ISSM) when denial-of-service (DoS) incidents are detected. | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-228874 | CAT II | The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-207711 | CAT II | The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected which indicate a compromise or potential for compromise. | Palo Alto Networks IDPS Security Technical Implementation Guide
  • V-207712 | CAT II | The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | Palo Alto Networks IDPS Security Technical Implementation Guide
  • V-207713 | CAT II | The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software which allows unauthorized privileged or non-privileged access is detected. | Palo Alto Networks IDPS Security Technical Implementation Guide
  • V-207714 | CAT II | The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected. | Palo Alto Networks IDPS Security Technical Implementation Guide
  • V-207715 | CAT II | The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | Palo Alto Networks IDPS Security Technical Implementation Guide
  • V-279203 | CAT II | The Edge SWG must control remote access methods. | Symantec Edge SWG ALG Security Technical Implementation Guide
  • V-94345 | CAT II | Symantec ProxySG providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur. | Symantec ProxySG ALG Security Technical Implementation Guide
  • V-94347 | CAT II | Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected. | Symantec ProxySG ALG Security Technical Implementation Guide
  • V-254950 | CAT II | Tanium must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
  • V-253802 | CAT II | Tanium must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B. | Tanium 7.x Security Technical Implementation Guide
  • V-241174 | CAT II | Trend Deep Security must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B. | Trend Micro Deep Security 9.x Security Technical Implementation Guide
  • V-242205 | CAT II | The TPS must send an alert to, at a minimum, the ISSM and ISSO when intrusion detection events are detected which indicate a compromise or potential for compromise. | Trend Micro TippingPoint IDPS Security Technical Implementation Guide
  • V-242206 | CAT II | The site must register with the Trend Micro TippingPoint Threat Management Center (TMC) in order to receive alerts on threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected which indicate a compromise or potential for compromise. | Trend Micro TippingPoint IDPS Security Technical Implementation Guide
  • V-251732 | CAT II | The NSX-T Distributed Firewall must configure SpoofGuard to block outbound IP packets that contain illegitimate packet attributes. | VMware NSX-T Distributed Firewall Security Technical Implementation Guide
  • V-251769 | CAT II | The NSX-T Tier-1 Gateway Firewall must configure SpoofGuard to block outbound IP packets that contain illegitimate packet attributes. | VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide