Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55209 | SRG-APP-000125-NDM-000241 | SV-69455r1_rule | Medium |
Description |
---|
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2017-07-07 |
Check Text ( C-55831r1_chk ) |
---|
Determine if the network device backs up audit records at least every seven days onto a different system or system component than the system or component being audited. This requirement may be verified by configuration review. This requirement can be met by use of a syslog/audit log server if the device is configured to send logs to that server. Backup requirements would be levied on the target server but are not a part of this check. If the network device does not back up audit records at least every seven days onto a different system or system component than the system or component being audited, this is a finding. |
Fix Text (F-60075r1_fix) |
---|
Configure the network device to back up audit records at least every seven days onto a different system or system component than the system or component being audited. |