An error occurred:

Check: ISEC-06-000500

ISEC7 Sphere STIG: ISEC-06-000500 (in version v2 r1)

Title

The ISEC7 EMM Suite must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 EMM Suite components, and off-load audit records onto a different system or media than the system being audited. (Cat II impact)

Discussion

Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. Satisfies: SRG-APP-000125, SRG-APP-000356, SRG-APP-000358

Check Content

Open the central log repository and verify the ISEC7 logs have been written to the location of the log server. Alternatively: Log in to the ISEC7 EMM Console. Navigate to Administration >> Configuration >> Apache Tomcat Settings. Verify that the log directory path is set to the desired location. On the ISEC7 EMM Suite server, browse to the install directory. Default is %Install Drive%/Program Files/ISEC7 EMM Suite. Select the conf folder. Open config.properties and verify the logPath is set to the desired location. If ISEC7 EMM logs are not written to an audit log management server, this is a finding.

Fix Text

Log in to the ISEC7 EMM Console. Navigate to Administration >> Configuration >> Apache Tomcat Settings. Set the log directory path to the desired location. On the ISEC7 EMM Suite server, browse to the install directory. Default is %Install Drive%/Program Files/ISEC7 EMM Suite. Select the conf folder. Open config.properties and set the logPath to the desired location of the log server.

Additional Identifiers

Rule ID: SV-224766r505933_rule

Vulnerability ID: V-224766

Group Title: SRG-APP-000125

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001348

The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.
CCI-001844

The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.
CCI-001851

The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-3 (2)

Centralized Management Of Planned Audit Record Content
AU-4 (1)

Transfer To Alternate Storage
AU-9 (2)

Audit Backup On Separate Physical Systems / Components