The IAO/NSO will ensure that security alarms are set up within the managed network's framework. At a minimum, these will include the following:

- Integrity Violation: Indicates that network contents or objects have been illegally modified, deleted, or added.
- Operational Violation: Indicates that a desired object or service could not be used.
- Physical Violation: Indicates that a physical part of the network (such as a cable) has been damaged or modified without authorization.
- Security Mechanism Violation: Indicates that the network's security system has been compromised or breached.
- Time Domain Violation: Indicates that an event has happened outside its allowed or typical time slot.

From Network Devices Security Technical Implementation Guide

Part of NMS security alarms not defined by violation type.

Associated with IA controls: ECSC-1

SV-3046r1_rule

Vulnerability discussion

Without the proper categories of security alarms being defined on the NMS, responding to critical outages or attacks on the network may not be coordinated correctly with the right personnel, hardware, software or vendor maintenance. Delays will inevitably occur, which will cause network outages to last longer than necessary or expose the network to larger, more extensive attacks or outages.

Check content

Request that the network engineer demonstrate the alert capabilities.

Fix text

The NSO will ensure that the NMS is configured, at a minimum, to alarm on the following security violations: integrity, operational, physical, security mechanism, and time domain violation.
