UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Central Log Server must be configured to protect the data sent from hosts and devices from being altered in a way that may prevent the attribution of an action to an individual (or process acting on behalf of an individual).


Overview

Finding ID Version Rule ID IA Controls Severity
V-206448 SRG-APP-000080-AU-000010 SV-206448r395691_rule Medium
Description
Without non-repudiation, it is impossible to positively attribute an action to an individual (or process acting on behalf of an individual). The records stored by the Central Log Server must be protected against such alteration as removing the identifier. A hash is one way of performing this function. The server must not allow the removal of identifiers or date/time, or it must severely restrict the ability to do so. Additionally, the log administrator access and activity with the user account information.
STIG Date
Central Log Server Security Requirements Guide 2021-06-24

Details

Check Text ( C-6708r285588_chk )
Examine the configuration.

Verify the system is configured with a hash or other method that protects the data against alteration of the log information sent from hosts and devices.

Verify the Central Log Server is configured to log all changes to the machine data.

If the Central Log Server is not configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation, this is a finding.
Fix Text (F-6708r285589_fix)
Configure the Central Log Server to use a hash or other method that protects the data against alteration of the log information sent from hosts and devices.

Configure the Central Log Server to not allow alterations to the machine data.