Check: SRG-NET-000511-VVEP-00010
Unified Communications Endpoint SRG: SRG-NET-000511-VVEP-00010 (in version v1 r0.1)
Title
The Unified Communications Endpoint must, at a minimum, offload interconnected systems in real-time and offload standalone systems weekly. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Audit records are commonly produced by session management and border elements. Many Unified Communications Endpoints are not capable of providing audit records and instead rely on session management and border elements. Unified Communications Endpoints capable of producing audit records provide supplemental confirmation of monitored events. Unified Communications Endpoints that support audit records must support offloading.
Check Content
Verify the Unified Communications Endpoint offloads audit records in real time or weekly. If the Unified Communications Endpoint does not offload audit records in real time or weekly, this is a finding.
Fix Text
Configure the Unified Communications Endpoint to offload audit records in real time or weekly.
Additional Identifiers
Rule ID: SRG-NET-000511-VVEP-00010_rule
Vulnerability ID: SRG-NET-000511-VVEP-00010
Group Title: SRG-NET-000511-VVEP-00010
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) | Transfer to Alternate Storage |