Check: SRG-APP-000125-MAPP-NA
Mobile Application SRG:
SRG-APP-000125-MAPP-NA
(in version v1 r1)
Title
The application must support the requirement to back up audit data and records onto a different system or media than the system being audited on an organization-defined frequency. (Cat II impact)
Discussion
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained. Rationale for non-applicability: This control is required in the MDM SRG. Mobile applications can leverage the audit review, analysis, and reporting tools of centralized logging systems.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46652r1_rule
Vulnerability ID: V-35365
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001348 |
Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited. |
Controls
| Number | Title |
|---|---|
| AU-9(2) |
Audit Backup On Separate Physical Systems / Components |