From Firewall Security Technical Implementation Guide - Cisco
Part of FW acknowledge messages must be recorded
Associated with IA controls: ECSC-1, ECAR-3, ECAR-2, ECAR-1
Acknowledging the alert could be a single event, or different events. In addition, assurance is required that each administrator that received the alarm message also receives the acknowledgement message, which includes some form of reference to the alarm message, who acknowledged the message and when.
The firewall shall display an acknowledgement message identifying a reference to the potential security violation, a notice that it has been acknowledged, the time of the acknowledgement and the user identifier that acknowledged the alarm at the remote administrator sessions that received the alarm. Have the administrator verify these capabilities. If the notifications do not include the proper references, this is a finding.
Configure the firewall to send acknowledge messages to administrators, referencing the alarm, who acknowledged the alarm, and timestamps.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer