Free DISA STIG and SRG Library | Vaulted

V-57425

The application server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.

Finding ID
SRG-APP-000515-AS-000203
Rule ID
SV-71697r2_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000515-AS-000203
CCI
CCI-001851
Target Key
(None)
Documentable
No
Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task but can be configured to be run manually, if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity.

Fix Text

Configure the application server to off-load interconnected systems in real time and standalone systems weekly.

Check Content

Verify the log records are being off-loaded, at a minimum of real time for interconnected systems and weekly for standalone systems. If the application server is not meeting these requirements, this is a finding.