ONTAP must off-load audit records onto a different system or media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246934 | NAOT-AU-000002 | SV-246934r769134_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
|---|---|
| NetApp ONTAP DSC 9.x Security Technical Implementation Guide | 2021-07-28 |
Details
| Check Text ( C-50366r769132_chk ) |
|---|
| Use "cluster log-forwarding show" to see if remote syslogging of ONTAP audit records is configured. If ONTAP cannot be configured to off-load audit records onto a different system or media, this is a finding. |
| Fix Text (F-50320r769133_fix) |
|---|
| Configure ONTAP to off-load audit records to a remote syslog server with "cluster log-forwarding create -destination |