CCI|CCI-001348

Title

Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component that the system or component being audited.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
BIND-9X-001017 - The BIND 9.x server implementation must not be configured with a channel to send audit records to null.	Unix	DISA BIND 9.x STIG v2r3
BIND-9X-001040 - The BIND 9.x server implementation must be configured with a channel to send audit records to a remote syslog.	Unix	DISA BIND 9.x STIG v2r3
BIND-9X-001041 - The BIND 9.x server implementation must be configured with a channel to send audit records to a local file.	Unix	DISA BIND 9.x STIG v2r3
BIND-9X-001042 - The BIND 9.x server implementation must maintain at least 3 file versions of the local log file.	Unix	DISA BIND 9.x STIG v2r3
EX13-CA-000085 - Exchange must have Audit data on separate partitions.	Windows	DISA Microsoft Exchange 2013 Client Access Server STIG v2r2
EX13-EG-000070 - Exchange audit data must be on separate partitions.	Windows	DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6
EX13-MB-000080 - Exchange Audit data must be on separate partitions.	Windows	DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-ED-000140 - Exchange audit data must be on separate partitions.	Windows	DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000160 - Exchange Audit data must be on separate partitions.	Windows	DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-ED-000050 Exchange audit data must be on separate partitions.	Windows	DISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-MB-000058 Exchange audit data must be on separate partitions.	Windows	DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
GEN002870 - The system must be configured to send audit records to a remote audit server - NFS	Unix	DISA STIG Solaris 10 X86 v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - NFS	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - SYSLOG	Unix	DISA STIG Solaris 10 X86 v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - SYSLOG	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN005450 - The system must use a remote syslog server (log host).	Unix	DISA STIG Solaris 10 X86 v2r4
GEN005450 - The system must use a remote syslog server (log host).	Unix	DISA STIG Solaris 10 SPARC v2r4
IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.	Windows	DISA IIS 10.0 Server v3r1
IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.	Windows	DISA IIS 10.0 Server v2r10
IISW-SV-000116 - The log data and records from the IIS 8.5 web server must be backed up onto a different system or media.	Windows	DISA IIS 8.5 Server v2r7
JBOS-AS-000195 - JBoss log records must be off-loaded onto a different system or system component a minimum of every seven days.	Unix	DISA RedHat JBoss EAP 6.3 STIG v2r4
OH12-1X-000077 - The log data and records from OHS must be backed up onto a different system or media.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OL6-00-000136 - The operating system must back up audit records on an organization defined frequency onto a different system or media than the system being audited.	Unix	DISA STIG Oracle Linux 6 v2r7
RHEL-06-000136 - The operating system must back up audit records on an organization defined frequency onto a different system or media than the system being audited.	Unix	DISA Red Hat Enterprise Linux 6 STIG v2r2
SOL-11.1-090220 - The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.	Unix	DISA STIG Solaris 11 SPARC v3r1
SOL-11.1-090220 - The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.	Unix	DISA STIG Solaris 11 X86 v3r1
SPLK-CL-000105 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.	Splunk	DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
SPLK-CL-000250 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.	Splunk	DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API
SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog Enabled	BlueCoat	DISA Symantec ProxySG Benchmark NDM v1r2
SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog IP	BlueCoat	DISA Symantec ProxySG Benchmark NDM v1r2
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - access	Unix	DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - catalina	Unix	DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot	Unix	DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - localhost	Unix	DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - main	Unix	DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout	Unix	DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-70-000029 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files.	Unix	DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2
VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs.	Unix	DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3
VCLD-70-000008 - The rsyslog must be configured to monitor VAMI logs.	Unix	DISA STIG VMware vSphere 7.0 VAMI v1r2
VCLD-80-000022 The vCenter VAMI service must off-load log records onto a different system or media from the system being logged.	Unix	DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1
VCLU-70-000028 - Lookup Service log files must be offloaded to a central log server in real time.	Unix	DISA STIG VMware vSphere 7.0 Lookup Service v1r2
VCPF-67-000027 - Rsyslog must be configured to monitor and ship Performance Charts log files - localhost_access	Unix	DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3
VCPF-67-000027 - Rsyslog must be configured to monitor and ship Performance Charts log files - runtime	Unix	DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3
VCPF-70-000030 - Rsyslog must be configured to monitor and ship Performance Charts log files.	Unix	DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime	Unix	DISA STIG VMware vSphere 6.7 STS Tomcat v1r3
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity	Unix	DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Detections

Analytics

CCI|CCI-001348

Title

Reference Item Details

Audit Items