UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must support the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32401 SRG-APP-000125-DB-000170 SV-42738r1_rule Medium
Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40843r1_chk )
Review DBMS vendor documentation to determine whether the DBMS software supports the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency. This can include a SIEM solution or other log management product. If the DBMS does not allow audit data and records to be backed up onto a different system or media, this is a finding.
Fix Text (F-36316r1_fix)
Utilize DBMS software that supports the ability to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.