Free DISA STIG and SRG Library | Vaulted

V-81189

The Central Log Server must be configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts.

Finding ID: SRG-APP-000516-AU-000380
Rule ID: SV-95903r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-APP-000516-AU-000380
CCI: CCI-000366
Target Key: (None)
Documentable: No

Discussion

Configuring severity or criticality levels on the Central Log Server supports prioritization functions, which are a major reason why centralized management is a requirement in DoD. Prioritization includes features that help highlight important events over less critical security events. This may be accomplished by correlating security events with vulnerability data or other asset information. Prioritization algorithms often also use the severity information provided by the original log source.

Fix Text

Configure the Central Log Server with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts.

Check Content

Examine the configuration. Verify the Central Log Server is configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts. If the Central Log Server is not configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts, this is a finding.