The application server must back up audit data and records on an organization defined frequency onto a different system or media than the system the application server itself is running on.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35216 | SRG-APP-000125-AS-000084 | SV-46503r1_rule | Medium |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system the application server is actually running on helps to assure that in the event of a catastrophic system failure, the audit records will be retained. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43588r1_chk ) |
|---|
| Review the AS configuration to determine if the AS backs up audit records on an organization defined frequency onto a different system or media than the system being audited. If the AS does not back up audit records on an organization-defined frequency onto a different system or media than the system being audited, this is a finding. |
| Fix Text (F-39762r1_fix) |
|---|
| Configure the AS to back up audit records on an organization defined frequency onto a different system or media than the system being audited. |