Information
This policy setting ensures that at a minimum, audit records of interconnected systems are off-loaded in real time and stand-alone system audit records are off-loaded at least weekly.
Rationale:
Protection of log data includes assuring the log data is not accidentally lost or deleted. Audit information stored in one location is vulnerable to accidental or incidental deletion or alteration.
Impact:
A secondary system that has enough resources to store large amounts of log data will be needed.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the system to, at a minimum, off-load audit records of interconnected systems in real time and off-load standalone systems weekly.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224876
Rule ID: SV-224876r569186_rule
STIG ID: WN16-AU-000020
Severity: CAT II