The operating system must support the requirement to centrally manage the content of audit records generated by organization-defined information system components.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-29110	SRG-OS-000043	SV-37104r1_rule		Medium

Description
Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance of records, as well as, the backup and archiving of those records. When organizations define application components that require requiring centralized audit log management, operating systems need to support the requirement.

Description

Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance of records, as well as, the backup and archiving of those records. When organizations define application components that require requiring centralized audit log management, operating systems need to support the requirement.

STIG	Date
Operating System Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None