The application server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-57425	SRG-APP-000515-AS-000203	SV-71697r2_rule		Medium

Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task but can be configured to be run manually, if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity.

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task but can be configured to be run manually, if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity.

STIG	Date
Application Server Security Requirements Guide	2018-01-08

Details

Check Text ( C-58101r1_chk )
Verify the log records are being off-loaded, at a minimum of real time for interconnected systems and weekly for standalone systems. If the application server is not meeting these requirements, this is a finding.

Fix Text (F-62463r1_fix)
Configure the application server to off-load interconnected systems in real time and standalone systems weekly.