Navigate

Check: APSC-DV-002900

Application Security and Development STIG: APSC-DV-002900 (in versions v5 r3 through v4 r2)

Title

The ISSO must ensure application audit trails are retained for at least 1 year for applications without SAMI data, and 5 years for applications including SAMI data. (Cat II impact)

Discussion

Log files are a requirement to trace intruder activity or to audit user activity.

Check Content

Verify a process is in place to retain application audit log files for one year and five years for SAMI data. If audit logs have not been retained for one year or five years for SAMI data, this is a finding.

Fix Text

Retain application audit log files for one year and five years for SAMI data.

Additional Identifiers

Rule ID: SV-222621r879887_rule

Vulnerability ID: V-222621

Group Title: SRG-APP-000516

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000167	The organization retains audit records for an organization-defined time period to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-11	Audit Record Retention
CM-6	Configuration Settings