An error occurred:

Check: ISEC-06-000500

ISEC7 Sphere STIG: ISEC-06-000500 (in version v3 r1)

Title

The ISEC7 SPHERE must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 SPHERE components, and offload audit records onto a different system or media than the system being audited. (Cat II impact)

Discussion

Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. Satisfies: SRG-APP-000125, SRG-APP-000356, SRG-APP-000358

Check Content

Open the central log repository and verify the ISEC7 logs have been written to the location of the log server. Log in to the ISEC7 SPHERE Console. Navigate to Administration >> Configuration >> Apache Tomcat Settings. Verify that the log directory path is set to the desired location. Alternatively: On the ISEC7 SPHERE server, browse to the install directory. Default is %Install Drive%/Program Files/ISEC7 SPHERE. Select the conf folder. Open config.properties and verify the logPath is set to the desired location. If ISEC7 SPHERE logs are not written to an audit log management server, this is a finding.

Fix Text

Log in to the ISEC7 SPHERE Console. Navigate to Administration >> Configuration >> Apache Tomcat Settings. Set the log directory path to the desired location. Alternatively: On the ISEC7 SPHERE server, browse to the install directory. Default is %Install Drive%/Program Files/ISEC7 SPHERE. Select the conf folder. Open config.properties and set the logPath to the desired location of the log server.

Additional Identifiers

Rule ID: SV-224766r1013812_rule

Vulnerability ID: V-224766

Group Title: SRG-APP-000125

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001348

Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited.
CCI-001851

Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-4(1)

Transfer to Alternate Storage
AU-9(2)

Audit Backup On Separate Physical Systems / Components