Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7977 | DSN15.05 | SV-8463r1_rule | ECRR-1 ECSC-1 ECTB-1 ECTP-1 | Medium |
Description |
---|
Requirement: The IAO will ensure that audit records (files) are stored on-line for 90 days and off-line for an additional 12 months. Audit records provide the means for the ISSO/IAO or other designated person to investigate any suspicious activity and to hold users accountable for their actions. By storing audit records online for 90 days and offline for 12 months, the ISSO or other designated personnel will be able to investigate all suspicious activity even if the activity is not noticed immediately. APL NOTE: The storage of log data both online and offline for a given period of time is a site responsibility. While a vendor's product may provide the required storage capacity for a sufficient number of log entries internally to satisfy the online storage requirement, it must at a minimum work in conjunction with a logging server where the logs can be collected and maintained online. The remote logging process should also be automated such that logs are collected without SA intervention. The vendor's product and the architecture in which it is implemented as a whole must support the online storage requirement. Such requirements are covered elsewhere and do not constitute a finding here. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2015-06-30 |
Check Text (C-7703r1_chk) |
---|
Inspect or review the required “documents on file” that are necessary for compliance with the requirement. |
Fix Text (F-7552r1_fix) |
---|
Ensure audit records are stored online for 90 days and offline for 12 months. |