The network device must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-55209 | SRG-APP-000125-NDM-000241 | SV-69455r1_rule | Medium |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2017-07-07 |
Details
| Check Text ( C-55831r1_chk ) |
|---|
| Determine if the network device backs up audit records at least every seven days onto a different system or system component than the system or component being audited. This requirement may be verified by configuration review. This requirement can be met by use of a syslog/audit log server if the device is configured to send logs to that server. Backup requirements would be levied on the target server but are not a part of this check. If the network device does not back up audit records at least every seven days onto a different system or system component than the system or component being audited, this is a finding. |
| Fix Text (F-60075r1_fix) |
|---|
| Configure the network device to back up audit records at least every seven days onto a different system or system component than the system or component being audited. |