Title

Audit records are NOT stored in an unalterable file and can be accessed by individuals not authorized to analyze switch access activity. (Cat II impact)

Discussion

Requirement: The IAO will ensure that auditing records are placed in an unalterable audit or history file that is available only to those individuals authorized to analyze switch access and configuration activity. Audit files must be available to only those individuals who are authorized and have a need to analyze DSN activity. These records must be stored in a format that will prevent any individual from making modifications to the records. Audit files are necessary to investigate switch activity that appears to be abusive, unauthorized, or damaging to the DSN.

Check Content

Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices.

Fix Text

Ensure that all auditing records are recorded to a device that will not allow any individual to make alterations to their content. Ensure that only authorized individuals have access to these files.

Additional Identifiers

Rule ID: SV-8459r1_rule

Vulnerability ID: V-7973

Group Title: Audit records NOT stored in an unalterable file

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.