Check: APSC-DV-002900
Application Security and Development STIG:
APSC-DV-002900
(in version v6 r4)
Title
The ISSO must ensure application audit trails are retained for at least 30 months (12 months active + 18 months cold storage) for applications without SAMI data and five years for applications including SAMI data. (Cat II impact)
Discussion
Log files are a requirement to trace intruder activity or to audit user activity.
Check Content
Verify a process is in place to retain application audit log files for 30 months (12 months active + 18 months cold storage) for non-SAMI data and five years for SAMI data. If audit logs have not been retained for 30 months (12 months active + 18 months cold storage) or five years for SAMI data, this is a finding.
Fix Text
Retain application audit log files for 30 months (12 months active + 18 months cold storage) for non-SAMI data and five years for SAMI data.
Additional Identifiers
Rule ID: SV-222621r1136913_rule
Vulnerability ID: V-222621
Group Title: SRG-APP-000516
CCIs
| Number | Definition |
|---|---|
| CCI-000167 | Retain audit records for an organization-defined time period to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements. |
Controls
| Number | Title |
|---|---|
| AU-11 | Audit Record Retention |