Audit records must be backed up on an organization defined frequency onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| WN12-AU-000203 | WN12-AU-000203 | WN12-AU-000203_rule | Medium |
| Description |
|---|
| Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organization defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. |
| STIG | Date |
|---|---|
| Microsoft Windows Server 2012 Member Server Security Technical Implementation Guide | 2013-07-25 |
Details
| Check Text ( C-WN12-AU-000203_chk ) |
|---|
| Determine if a process to backup log data on an organization defined frequency to a different system or media than the system being audited has been implemented. If it has not, this is a finding. |
| Fix Text (F-WN12-AU-000203_fix) |
|---|
| Establish and implement a process for backing up log data on an organization defined frequency to another system or media other than the system being audited. |