STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The log data and records from the web server must be backed up onto a different system or media.

DISA Rule

SV-54251r3_rule

Vulnerability Number

V-41674

Group Title

SRG-APP-000125-WSR-000071

Rule Version

SRG-APP-000125-WSR-000071

Severity

CAT II

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Configure the web server logs to be backed up onto a different system or media other than the system being logged.

Check Contents

Review the web server documentation and deployed configuration to determine if the web server log records are backed up onto an unrelated system or media than the system being logged.

If the web server logs are not backed up onto a different system or media than the system being logged, this is a finding.

Vulnerability Number

V-41674

Documentable

False

Rule Version

SRG-APP-000125-WSR-000071

Severity Override Guidance

Review the web server documentation and deployed configuration to determine if the web server log records are backed up onto an unrelated system or media than the system being logged.

If the web server logs are not backed up onto a different system or media than the system being logged, this is a finding.

Check Content Reference

M

Target Key

2557

Comments