Audit logs will be archived to prevent loss.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14226 | 1.032 | SV-32275r1_rule | ECRR-1 | Medium |
| Description |
|---|
| This check verifies that Audit logs are archived to ensure data is not being lost. Audit logs are retained for at least 1 year, with systems containing source and methods intelligence (SAMI) retained for 5 years in accordance with DoD policy. |
| STIG | Date |
|---|---|
| Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2013-10-01 |
Details
| Check Text ( C-32925r1_chk ) |
|---|
| Interview the SA to determine the process for archiving audit logs. Audit logs will be retained for at least 1 year; on systems containing sources and methods intelligence (SAMI) logs will be retained for 5 years. |
| Fix Text (F-29052r1_fix) |
|---|
| Define a process for archiving audit logs as required in accordance with DoD policy. |