Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DBMS must support the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32401 | SRG-APP-000125-DB-000170 | SV-42738r1_rule | Medium |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40843r1_chk ) |
|---|
| Review DBMS vendor documentation to determine whether the DBMS software supports the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency. This can include a SIEM solution or other log management product. If the DBMS does not allow audit data and records to be backed up onto a different system or media, this is a finding. |
| Fix Text (F-36316r1_fix) |
|---|
| Utilize DBMS software that supports the ability to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency. |