20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited'

Information

This policy setting ensures that audit records are backed up to a different system or media than the system being audited.

Protection of log data includes assuring the log data is not accidentally lost or deleted. Audit information stored in one location is vulnerable to accidental or incidental deletion or alteration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish and implement a process for backing up log data to another system or media other than the system being audited.

Impact:

A secondary system that has enough resources to store large amounts of log data will be needed.

See Also

https://workbench.cisecurity.org/benchmarks/15105

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6(3), CSCv7|6.5

Plugin: Windows

Control ID: ef6b9c74ce9cac6efc12d12978157ed2ab78dbbccf1a000805197b9047de9906