Monterey - Off-Load Audit Records

Information

Audit records should be off-loaded onto a different system or media from the system being audited.

Information stored in only one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

To secure audit records by off-loading, many operating systems can be integrated with enterprise-level auditing mechanisms that meet or exceed this requirement.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CCE|CCE-90872-3, CCI|CCI-001851

Plugin: Unix

Control ID: 1f975a5cd605bf37db5a557ab795b0bd5fa9d631782b933b80b36c07c7b2f4fd