7.6 System information backup to remote computers

Information

It is best practice to ensure that local computers are not a single point of failure for logging and auditing records about activity on the computer itself. Whether end user activity or system process information a mechanism should be in place to transfer the logs to another system that is hardened to receive them. A hardened log host reduces the risk of failure or compromise, particularly with user end points. From an enterprise management standpoint those records should be reviewed to ensure that there is not a common exploitable vulnerability, system bug or even hardware issue that can affect other devices in the environment.

With changes in Apple's logging methods in the last few years third party tools appear to be preferred to ensure logs and records are obtained appropriately. Aggressive retention likely requires more space than available on built-in SSDs even if offline Time Machine backups are large and pristine.

Please ensure that solutions to capture and retain log and audit records are in place.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

None

See Also

https://workbench.cisecurity.org/files/3197

Item Details

Category: CONTINGENCY PLANNING

References: 800-53|CP-9b., CSCv7|10

Plugin: Unix

Control ID: 643f8a2b0bcd55d76fab894b962ee7893a511e323b20055c3a6c5b3b7e534efd