4.8 (L1) Host must store one week of audit records

Information

Ensuring a local storage capacity for a week's worth of audit records is imperative, especially when a remote audit record storage facility is used. This provision is critical during anticipated interruptions in record delivery to the remote facility, preventing loss or overwriting of audit records. The parameter governing this behavior is Syslog.global.auditRecord.storageCapacity with a recommended setting of 100.

Storing a week of audit records locally safeguards against data loss during interruptions with remote storage facilities, maintaining compliance and audit trail continuity.

Solution

Impact:

This security control entails additional storage space consumption for logs, requiring possible adjustments in storage management.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-6(3), 800-53|AU-7, 800-53|AU-12, CSCv7|6.5

Plugin: VMware

Control ID: 5deff5adf890ad6139978916c508ed24aaf76e592207f9689c814a85b01c87a6