Navigate

Check: SRG-OS-000342-GPOS-00133

General Purpose Operating System SRG: SRG-OS-000342-GPOS-00133 (in versions v3 r2 through v1 r6)

Title

The operating system must offload audit records onto a different system or media from the system being audited. (Cat III impact)

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

Check Content

Verify the operating system off-loads audit records onto a different system or media from the system being audited. If it does not, this is a finding.

Fix Text

Configure the operating system to off-load audit records onto a different system or media from the system being audited.

Additional Identifiers

Rule ID: SV-203701r958754_rule

Vulnerability ID: V-203701

Group Title: SRG-OS-000342

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001851	Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-4(1)	Transfer to Alternate Storage