Configure each system's security alerts to organizational standards.
CONTROL ID
12113
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the system to issue a security alert when an administrator account is created., CC ID: 12122
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • Alerts regarding use of the same machine for both maker and checker transactions need to be considered. (Critical components of information security 11) c.20., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • monitoring and alert mechanisms for the detection of compromises of environmental controls including: temperature; water; smoke and access sensors/alarms; service availability alerts (power supply, telecommunication, servers); and access log reviews. (¶ 56(c), APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • Network devices shall be capable of automatically providing notification to a configurable set of recipients upon discovery of an attempt to make an unauthorized physical access. All notifications of tampering shall be logged as part of the overall audit logging function. (15.8.3 (1) ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • Verify that the application has configurable alerting when automated attacks or unusual activity is detected. (11.1.8, Application Security Verification Standard 4.0.3, 4.0.3)
  • Network devices shall be capable of automatically providing notification to a configurable set of recipients upon discovery of an attempt to make an unauthorized physical access. All notifications of tampering shall be logged as part of the overall audit logging function. (15.8.3 (1) ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Employ automated mechanisms to make security alert and advisory information available throughout the agency as appropriate. (§ 5.10.4.4 ¶ 1(5), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Employ automated mechanisms to make security alert and advisory information available throughout the agency as appropriate. (§ 5.10.4.4 ¶ 1 5., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Alert parameters are set for detecting information security incidents that prompt mitigating actions. (Domain 5: Assessment Factor: Detection, Response, and Mitigation, DETECTION Baseline 1 ¶ 1, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Ensure alarms are categorized by severity using the following guidelines: (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 8, Guideline 662G1: Systems Security, 662G1-00)
  • Ensure security alarms are set up within the managed network's framework. At a minimum, these will include the following: (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 7, Guideline 662G1: Systems Security, 662G1-00)
  • Integrity Violation: Indicates that network contents or objects are illegally modified, deleted, or added. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 7 Bullet 1, Guideline 662G1: Systems Security, 662G1-00)
  • Operational Violation: Indicates that a desired object or service can not be used. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 7 Bullet 2, Guideline 662G1: Systems Security, 662G1-00)
  • Physical Violation: Indicates that a physical part of the network (such as a cable) is damaged or modified without authorization. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 7 Bullet 3, Guideline 662G1: Systems Security, 662G1-00)
  • Security Mechanism Violation: Indicates that the network's security system is compromised or breached. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 7 Bullet 4, Guideline 662G1: Systems Security, 662G1-00)
  • Time Domain Violation: Indicates that an event is happening outside its allowed or typical time slot. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 7 Bullet 5, Guideline 662G1: Systems Security, 662G1-00)
  • a solution that centralizes logging and security event alerting. (§ 500.14 Monitoring and Training (b)(2), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)