Check: SRG-APP-000515-AS-000203
Application Server SRG:
SRG-APP-000515-AS-000203
(in versions v3 r4 through v2 r2)
Title
The application server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task, but it can be configured to run manually if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity.
Check Content
Verify the log records are being off-loaded, at a minimum, in real time for interconnected systems and weekly for standalone systems. If the application server is not meeting these requirements, this is a finding.
Fix Text
Configure the application server to off-load the logs of interconnected systems in real time and the logs of standalone systems weekly.
Additional Identifiers
Rule ID: SV-204833r879886_rule
Vulnerability ID: V-204833
Group Title: SRG-APP-000515
CCIs
Number | Definition |
---|---|
CCI-001851 | The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) | Transfer To Alternate Storage |