FISMA – Alarm Rules
| Alarms | Regulation Notes | Suppression | Threshold |
|---|---|---|---|
| FISMA: Alarm on Compromise | Best practice | 30 min | Single Event |
| FISMA: Alarm on Audit Log Write Failure | Indicates a system may be shutting down due to inability to audit | 30 min | Single Event |