UCF STIG Viewer Logo

The Central Log Server must be configured to generate on-demand audit review and analysis reports.


Overview

Finding ID Version Rule ID IA Controls Severity
V-81161 SRG-APP-000366-AU-000220 SV-95875r1_rule Low
Description
The report generation capability must support on-demand review and analysis to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents. Report generation must be capable of generating on-demand (i.e., customizable, ad hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective. Audit reduction and report generation capabilities do not always reside on the same information system or within the same organizational entities conducting auditing activities. The audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in log records. The report generation capability provided by the information system can generate customizable reports. Time ordering of log records can be a significant issue if the granularity of the timestamp in the record is insufficient. This requirement is specific to applications with report generation capabilities; however, applications need to support on-demand audit review and analysis.
STIG Date
Central Log Server Security Requirements Guide 2019-06-28

Details

Check Text ( C-80823r1_chk )
Examine the configuration.

Verify the Central Log Server generates on-demand audit review and analysis reports.

If the Central Log Server is not configured to generate on-demand audit review and analysis reports, this is a finding.
Fix Text (F-87935r1_fix)
Configure the Central Log Server to generate on-demand audit review and analysis reports.