Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34565 | SRG-NET-999999-IDPS-00235 | SV-45414r1_rule | | Low |
Description |
---|
Sensor event logging is a key component of any security architecture. An attack may corrupt or delete the active event log. Maintaining a backup of the logs will minimize the loss of data needed for incident investigation, forensic analysis, or operational trend analysis. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text (C-42763r1_chk) |
---|
Verify the IDPS is included in the site backup plan. Verify files are periodically backed up in accordance with an organizationally defined schedule. Verify the backup job is scheduled to run automatically without system administrator intervention. Verify the backup is configured to write to a different system or off-line media. If the system is not configured to back up log records at an organizationally defined frequency onto a different system or media, this is a finding. |
Fix Text (F-38811r1_fix) |
---|
Configure a backup job to automatically back up the configuration files for all components periodically on a schedule identified by the DAA or designated representative. Verify the backup is configured to direct the sensor log files to a different system or off-line media. |