Audit records must be backed up on an organization defined frequency onto a different system or media than the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36672 | WN12-AU-000203 | SV-51566r1_rule | ECRR-1 | Medium |
| Description |
|---|
| Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organization defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. |
| STIG | Date |
|---|---|
| Windows Server 2012 Domain Controller Security Technical Implementation Guide | 2014-01-07 |
Details
| Check Text ( C-46832r1_chk ) |
|---|
| Determine if a process to backup log data on an organization defined frequency to a different system or media than the system being audited has been implemented. If it has not, this is a finding. |
| Fix Text (F-44696r1_fix) |
|---|
| Establish and implement a process for backing up log data on an organization defined frequency to another system or media other than the system being audited. |