An error occurred:

Check: 1.029

Windows 2008 Domain Controller STIG: 1.029 (in versions v6 r47 through v6 r35)

Title

There is no local policy for reviewing audit logs. (Cat II impact)

Discussion

To be of value, audit logs from servers and other critical systems will be reviewed on a daily basis to identify security breaches and potential weaknesses in the security structure. This can be done with the use of monitoring software or other utilities for this purpose.

Check Content

The site will have a policy that requires servers and other critical systems be reviewed on a daily basis to identify possible security breaches and weakness. This can be accomplished with the use of monitoring software or other utilities for this purpose.

Fix Text

Create a site policy that mandates review of audit logs.

Additional Identifiers

Rule ID: SV-29723r2_rule

Vulnerability ID: V-3491

Group Title: Reviewing Audit Logs

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings