Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-259876 | SRG-OS-000342-CLD-000020 | SV-259876r958754_rule | | Medium |
Description |
---|
Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to ensure that in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records. For cloud service environments, security information and event management (SIEM) or syslog capability must be implemented by both Boundary and Mission Computer Network Defense (CND) service providers to log audit information. This requirement can be met by the operating system continuously sending records to a centralized logging server. |
STIG | Date |
---|---|
Cloud Computing Mission Owner Operating System Security Requirements Guide | 2024-06-13 |
Check Text (C-63607r945614_chk) |
---|
If this is a Software as a Service (SaaS) implementation, this is not a finding. Verify the IaaS/PaaS is configured to use centralized logging to capture and store the log records produced by the virtual machine (VM) management on the IaaS/PaaS. If the IaaS/PaaS does not perform centralized logging to capture and store the log records produced by the VM management, this is a finding. |
Fix Text (F-63514r945615_fix) |
---|
This applies to all Impact Levels. FedRAMP - Does not match DOD requirement explicitly. Allows up to seven days for offloading. Moderate, High. Implement a solution for centralized logging to capture and store the log records produced on the IaaS/PaaS. |