An error occurred:

Check: SRG-OS-000058-VMM-000270

Virtual Machine Manager SRG: SRG-OS-000058-VMM-000270 (in versions v2 r2 through v1 r3)

Title

The VMM must protect audit information from unauthorized modification. (Cat II impact)

Discussion

If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audit data, the VMM must protect audit information from unauthorized modification. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit VMM activity.

Check Content

Verify the VMM protects audit information from unauthorized modification. If it does not, this is a finding.

Fix Text

Configure the VMM to protect audit information from unauthorized modification.

Additional Identifiers

Rule ID: SV-207364r958436_rule

Vulnerability ID: V-207364

Group Title: SRG-OS-000058

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000163

Protect audit information from unauthorized modification.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-9

Protection of Audit Information