Audit logs are archived to prevent loss.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14226 | 1.032 | SV-29752r1_rule | ECRR-1 | Medium |
| Description |
|---|
| This check verifies that Audit logs are archived to ensure data is not being lost. Audit logs are retained for at least one year, systems containing source and methods intelligence (SAMI) will be retained for five years in accordance with DoD policy. |
| STIG | Date |
|---|---|
| Windows 2008 Member Server Security Technical Implementation Guide | 2015-03-09 |
Details
| Check Text ( C-11572r1_chk ) |
|---|
| Interview the SA to determine the process for archiving audit logs. Audit logs are retained for at least one year; on systems containing sources and methods intelligence (SAMI) logs will be retained for five years. |
| Fix Text (F-13550r1_fix) |
|---|
| Define a process for archiving audit logs as required. |