Check: DSN15.05
Defense Switched Network (DSN) STIG: DSN15.05 (in versions v2 r8 through v2 r7)
Title
Audit record archive and storage do not meet minimum requirements. (Cat II impact)
Discussion
Requirement: The IAO will ensure that audit records (files) are stored on-line for 90 days and off-line for an additional 12 months.
Audit records provide the means for the ISSO/IAO or other designated person to investigate any suspicious activity and to hold users accountable for their actions. By storing audit records online for 90 days and offline for 12 months, the ISSO or other designated personnel will be able to investigate all suspicious activity even if the activity is not noticed immediately.
APL NOTE: The storage of log data both online and offline for a given period of time is a site responsibility. While a vendor's product may provide the required storage capacity for a sufficient number of log entries internally to satisfy the online storage requirement, it must at a minimum work in conjunction with a logging server where the logs can be collected and maintained online. The remote logging process should also be automated such that logs are collected without SA intervention. The vendor's product and the architecture in which it is implemented as a whole must support the online storage requirement. Such requirements are covered elsewhere and do not constitute a finding here.
Check Content
Inspect or review the required “documents on file” that are necessary for compliance with the requirement.
Fix Text
Ensure audit records are stored online for 90 days and offline for 12 months.
Additional Identifiers
Rule ID: SV-8463r1_rule
Vulnerability ID: V-7977
Group Title: Audit records not properly archived and stored
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.