IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.

Information

Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system, or onto separate media than the system on which the web server is running, helps to ensure the log records will be retained in the event of a catastrophic system failure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure system backups to include the directory paths of all IIS 10.0 web server and website log files.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y24M10_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2), CAT|II, CCI|CCI-001348, Rule-ID|SV-218791r960948_rule, STIG-ID|IIST-SV-000116, STIG-Legacy|SV-109221, STIG-Legacy|V-100117, Vuln-ID|V-218791

Plugin: Windows

Control ID: 6a7d7e9d5c1b429b96caacb723449047035f7e13761e26ee512a4c7374adf2a7