Check: SRG-NET-000334-VVSM-00101
Unified Communications Session Management SRG: SRG-NET-000334-VVSM-00101 (in version v1 r0.1)
Title
The Unified Communications Session Manager must be configured to offload session (call) records to a central log server. (Cat I impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This requirement only applies to components where this is specific to the function of the device (e.g., IDPS sensor logs, firewall logs). This does not apply to audit logs generated on behalf of the device itself (management).
Check Content
Verify the Unified Communications Session Manager offloads session records to a central log server. If the Unified Communications Session Manager does not offload session records to a central log server, this is a finding.
Fix Text
Configure the Unified Communications Session Manager to offload session records to a central log server.
Additional Identifiers
Rule ID: SRG-NET-000334-VVSM-00101_rule
Vulnerability ID: SRG-NET-000334-VVSM-00101
Group Title: SRG-NET-000334-VVSM-00101
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) | Transfer to Alternate Storage |