Navigate

Check: SRG-NET-000334-ALG-000050

Application Layer Gateway SRG: SRG-NET-000334-ALG-000050 (in versions v2 r2 through v1 r2)

Title

The ALG must off-load audit records onto a centralized log server. (Cat II impact)

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management).

Check Content

Verify the ALG off-loads audit records onto a centralized log server. If the ALG does not off-load audit records onto a centralized log server, this is a finding.

Fix Text

Configure the ALG to off-load audit records onto a centralized log server.

Additional Identifiers

Rule ID: SV-204995r831372_rule

Vulnerability ID: V-204995

Group Title: SRG-NET-000334

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001851	Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-4(1)	Transfer to Alternate Storage