Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001348
CCI
CCI|CCI-001348
Title
Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component that the system or component being audited.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.
Windows
DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
BIND-9X-001017 - The BIND 9.x server implementation must not be configured with a channel to send audit records to null.
Unix
DISA BIND 9.x STIG v2r3
BIND-9X-001040 - The BIND 9.x server implementation must be configured with a channel to send audit records to a remote syslog.
Unix
DISA BIND 9.x STIG v2r3
BIND-9X-001041 - The BIND 9.x server implementation must be configured with a channel to send audit records to a local file.
Unix
DISA BIND 9.x STIG v2r3
BIND-9X-001042 - The BIND 9.x server implementation must maintain at least 3 file versions of the local log file.
Unix
DISA BIND 9.x STIG v2r3
EX13-CA-000085 - Exchange must have Audit data on separate partitions.
Windows
DISA Microsoft Exchange 2013 Client Access Server STIG v2r2
EX13-EG-000070 - Exchange audit data must be on separate partitions.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6
EX13-MB-000080 - Exchange Audit data must be on separate partitions.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-ED-000140 - Exchange audit data must be on separate partitions.
Windows
DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000160 - Exchange Audit data must be on separate partitions.
Windows
DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-ED-000050 - Exchange audit data must be on separate partitions.
Windows
DISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-MB-000058 - Exchange audit data must be on separate partitions.
Windows
DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2
GEN002870 - The system must be configured to send audit records to a remote audit server - NFS
Unix
DISA STIG Solaris 10 X86 v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - NFS
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - SYSLOG
Unix
DISA STIG Solaris 10 X86 v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - SYSLOG
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN005450 - The system must use a remote syslog server (log host).
Unix
DISA STIG Solaris 10 X86 v2r4
GEN005450 - The system must use a remote syslog server (log host).
Unix
DISA STIG Solaris 10 SPARC v2r4
IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.
Windows
DISA IIS 10.0 Server v2r10
IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.
Windows
DISA IIS 10.0 Server v3r2
IISW-SV-000116 - The log data and records from the IIS 8.5 web server must be backed up onto a different system or media.
Windows
DISA IIS 8.5 Server v2r7
JBOS-AS-000195 - JBoss log records must be off-loaded onto a different system or system component a minimum of every seven days.
Unix
DISA JBoss EAP 6.3 STIG v2r5
OH12-1X-000077 - The log data and records from OHS must be backed up onto a different system or media.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OL6-00-000136 - The operating system must back up audit records on an organization defined frequency onto a different system or media than the system being audited.
Unix
DISA STIG Oracle Linux 6 v2r7
RHEL-06-000136 - The operating system must back up audit records on an organization defined frequency onto a different system or media than the system being audited.
Unix
DISA Red Hat Enterprise Linux 6 STIG v2r2
SOL-11.1-090220 - The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
Unix
DISA STIG Solaris 11 SPARC v3r1
SOL-11.1-090220 - The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
Unix
DISA STIG Solaris 11 X86 v3r1
SPLK-CL-000105 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.
Splunk
DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
SPLK-CL-000250 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.
Splunk
DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API
SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog Enabled
BlueCoat
DISA Symantec ProxySG Benchmark NDM v1r2
SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog IP
BlueCoat
DISA Symantec ProxySG Benchmark NDM v1r2
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - access
Unix
DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - catalina
Unix
DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot
Unix
DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - localhost
Unix
DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - main
Unix
DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout
Unix
DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-70-000029 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files.
Unix
DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2
VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs.
Unix
DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3
VCLD-70-000008 - The rsyslog must be configured to monitor VAMI logs.
Unix
DISA STIG VMware vSphere 7.0 VAMI v1r2
VCLD-80-000022 The vCenter VAMI service must off-load log records onto a different system or media from the system being logged.
Unix
DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1
VCLU-70-000028 - Lookup Service log files must be offloaded to a central log server in real time.
Unix
DISA STIG VMware vSphere 7.0 Lookup Service v1r2
VCPF-67-000027 - Rsyslog must be configured to monitor and ship Performance Charts log files - localhost_access
Unix
DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3
VCPF-67-000027 - Rsyslog must be configured to monitor and ship Performance Charts log files - runtime
Unix
DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3
VCPF-70-000030 - Rsyslog must be configured to monitor and ship Performance Charts log files.
Unix
DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime
Unix
DISA STIG VMware vSphere 6.7 STS Tomcat v1r3
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity
Unix
DISA STIG VMware vSphere 6.7 STS Tomcat v1r3