Rule ID
SV-283402r1194900_rule
Version
V1R1
CCIs
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less). Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk. A local connection is any connection with a device communicating without using a network. A network connection is any connection with a device that communicates through a network (e.g., local area or wide area network; internet). A remote connection is any connection with a device communicating through an external network (e.g., the internet). Because of the challenges of applying this requirement on a large scale, organizations are encouraged to only apply the requirement to those limited number (and type) of devices that truly need to support this capability.
Verify an SNMPv3 user account is configured with the following command: cli% showsnmpuser Username AuthProtocol PrivProtocol Alletrasnmpuser HMAC-SHA-96 CFB128-AES-128 If the output is not displayed in the above format, this is a finding.
Configure SNMPv3 alert notifications using the following sequence of operations: Create and enable an SNMPv3 user, and create associated keys for authentication and privacy. cli% createuser Alletrasnmpuser all browse Enter the password and confirm. cli% createsnmpuser Alletrasnmpuser At the prompt, enter the password. At the next prompt, reenter the password.