Audit records are NOT stored in an unalterable file and can be accessed by individuals not authorized to analyze switch access activity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7973	DSN15.01	SV-8459r1_rule	ECSC-1 ECTP-1	Medium

Description
Requirement: The IAO will ensure that auditing records are placed in an unalterable audit or history file that is available only to those individuals authorized to analyze switch access and configuration activity. Audit files must be available to only those individuals who are authorized and have a need to analyze DSN activity. These records must be stored in a format that will prevent any individual from making modifications to the records. Audit files are necessary to investigate switch activity that appears to be abusive, unauthorized, or damaging to the DSN.

Description

Requirement: The IAO will ensure that auditing records are placed in an unalterable audit or history file that is available only to those individuals authorized to analyze switch access and configuration activity. Audit files must be available to only those individuals who are authorized and have a need to analyze DSN activity. These records must be stored in a format that will prevent any individual from making modifications to the records. Audit files are necessary to investigate switch activity that appears to be abusive, unauthorized, or damaging to the DSN.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7379r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices.

Fix Text (F-7548r1_fix)
Ensure that all auditing records are recorded to a device that will not allow any individual to make alterations to their content. Ensure that only authorized individuals have access to these files.