ECTB-1 Audit Trail Backup
Overview
The audit records are backed up not less than weekly onto a different system or media than the system being audited.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| CLASSIFIED MACI MACII | Medium | Enclave Computing Environment |
Details
| Threat |
|---|
| Loss of important information/work is a risk if back-ups are not performed regularly. Performing back-ups daily or at least weekly enhances the integrity and availability of information. |
| Guidance |
|---|
| 1. A back-up plan shall be established, documented, and implemented for all systems recording audit records within your C&A boundary. 2. The audit records shall be backed-up not less than weekly, and if possible, the back-up process should be automated. 3. The back-ups shall be saved to a different system or saved on a different media (e.g., disk, CD, tape) than the system being audited. |
References
- CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003
- NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook, October 1995
- NSA Guide to Securing Windows 2000 – Policy Toolsets, 05 March 2003
- NSA Guide to Securing Windows XP, 22 October 2004
- DISA Unix STIG, Version 4, Release 4, 15 September 2003
- DISA Solaris Security Checklist, 20 January 2004
- DISA UNISYS STIG, 22 July 2003
- NSA Windows 2000 Security Recommendations Guide 16 January 2004
- NSA Windows NT Security Recommendations Guide 18 September 2001
- DISA Database STIG, Version 7, Release 1, 29 October 2004