STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

DISA Rule

SV-222506r508029_rule

Vulnerability Number

V-222506

Group Title

SRG-APP-000125

Rule Version

APSC-DV-001340

Severity

CAT II

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Configure application backup settings to backup application audit logs every 7 days.

Check Contents

Review the application documentation and interview the application administrator.

Identify log functionality and locations of log files.

If the application does not include a built-in backup capability for backing up its own audit records, this requirement is not applicable.

Access the management interface for configuring application audit logs and review the backup settings.

If the application backup settings are not configured to backup application audit records every 7 days, this is a finding.

Vulnerability Number

V-222506

Documentable

False

Rule Version

APSC-DV-001340

Severity Override Guidance

Review the application documentation and interview the application administrator.

Identify log functionality and locations of log files.

If the application does not include a built-in backup capability for backing up its own audit records, this requirement is not applicable.

Access the management interface for configuring application audit logs and review the backup settings.

If the application backup settings are not configured to backup application audit records every 7 days, this is a finding.

Check Content Reference

M

Target Key

4093

Comments