UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Audit trail data should be retained for one year.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2507 DG0030-ORACLE11 SV-24368r1_rule Medium
Description
Without preservation, a complete discovery of an attack or suspicious activity may not be determined. DBMS audit data also contributes to the complete investigation of unauthorized activity and needs to be included in audit retention plans and procedures.
STIG Date
Oracle Database 11g Instance STIG 2016-12-14

Details

Check Text ( C-1001r1_chk )
Review and verify the implementation of an audit trail retention policy.

Verify that audit data is maintained for a minimum of one year.

If audit data is not maintained for a minimum of one year, this is a Finding.
Fix Text (F-23729r1_fix)
Develop, document and implement an audit retention policy and procedures.

It is recommended that the most recent thirty days of audit logs remain available online.

After thirty days, the audit logs may be maintained offline.

Online maintenance provides for a more timely capability and inclination to investigate suspicious activity.