The ISEC7 EMM Suite must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 EMM Suite components, and off-load audit records onto a different system or media than the system being audited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-97407	ISEC-06-000500	SV-106511r1_rule		Medium

Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. Satisfies: SRG-APP-000125, SRG-APP-000356, SRG-APP-000358

Description

Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. Satisfies: SRG-APP-000125, SRG-APP-000356, SRG-APP-000358

STIG	Date
ISEC7 EMM Suite v6.x Security Technical Implementation Guide	2019-09-05

Details

Check Text ( C-96243r1_chk )
Open the central log repository and verify the ISEC7 logs have been written to the location of the log server. Alternatively: Log in to the ISEC7 EMM Console. Navigate to Administration >> Configuration >> Apache Tomcat Settings. Verify that the log directory path is set to the desired location. On the ISEC7 EMM Suite server, browse to the install directory. Default is %Install Drive%/Program Files/ISEC7 EMM Suite. Select the conf folder. Open config.properties and verify the logPath is set to the desired location. If ISEC7 EMM logs are not written to an audit log management server, this is a finding.

Check Text ( C-96243r1_chk )

Open the central log repository and verify the ISEC7 logs have been written to the location of the log server.

Alternatively:

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that the log directory path is set to the desired location.

On the ISEC7 EMM Suite server, browse to the install directory.
Default is %Install Drive%/Program Files/ISEC7 EMM Suite.
Select the conf folder.
Open config.properties and verify the logPath is set to the desired location.

If ISEC7 EMM logs are not written to an audit log management server, this is a finding.

Fix Text (F-103085r1_fix)
Log in to the ISEC7 EMM Console. Navigate to Administration >> Configuration >> Apache Tomcat Settings. Set the log directory path to the desired location. On the ISEC7 EMM Suite server, browse to the install directory. Default is %Install Drive%/Program Files/ISEC7 EMM Suite. Select the conf folder. Open config.properties and set the logPath to the desired location of the log server.