Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must back up audit data and records on an organization defined frequency onto a different system or media than the system the application server itself is running on.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35216 | SRG-APP-000125-AS-000084 | SV-46503r1_rule | Medium |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system the application server is actually running on helps to assure that in the event of a catastrophic system failure, the audit records will be retained. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43588r1_chk ) |
|---|
| Review the AS configuration to determine if the AS backs up audit records on an organization defined frequency onto a different system or media than the system being audited. If the AS does not back up audit records on an organization-defined frequency onto a different system or media than the system being audited, this is a finding. |
| Fix Text (F-39762r1_fix) |
|---|
| Configure the AS to back up audit records on an organization defined frequency onto a different system or media than the system being audited. |