Rule ID
SV-69575r1_rule
Version
V2R6
CCIs
It is critical that when the IDPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure.

Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Since action must be taken immediately, these messages will be designated as a critical severity level and this level must be sent as part of the alert message.
Verify the IDPS assigns a critical severity level to all audit processing failures.

If the IDPS does not assign a critical severity level to all audit processing failures, this is a finding.
Configure the IDPS to assign a critical severity level to all audit processing failures.