Check: 1.032
Windows 2008 Domain Controller STIG:
1.032
(in versions v6 r47 through v6 r35)
Title
Audit data must be retained for at least one year. (Cat II impact)
Discussion
Audit records are essential for investigating system activity after the fact. Retention periods for audit data are determined based on the sensitivity of the data handled by the system.
Check Content
Determine whether audit data is retained for at least one year. If the audit data is not retained for at least one year, this is a finding.
Fix Text
Ensure the audit data is retained for at least one year.
Additional Identifiers
Rule ID: SV-29752r2_rule
Vulnerability ID: V-14226
Group Title: Archiving Audit Logs
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |