Check: SRG-OS-000360-VMM-001370
Virtual Machine Manager SRG:
SRG-OS-000360-VMM-001370
(in versions v2 r2 through v1 r3)
Title
The VMM must enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process. (Cat II impact)
Discussion
An authorized user may intentionally or accidentally move or delete audit records without those specific actions being authorized. All bulk manipulation of audit information must be via authorized automatic processes. Any manual manipulation of audit information must require dual authorization. Dual authorization mechanisms require the approval of two authorized individuals in order to execute.
Check Content
Verify the VMM enforces dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process. If it does not, this is a finding.
Fix Text
Configure the VMM to enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process.
Additional Identifiers
Rule ID: SV-207467r958790_rule
Vulnerability ID: V-207467
Group Title: SRG-OS-000360
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
| CCI-001896 |
Enforce dual authorization for movement and/or deletion of organization-defined audit information. |