Information
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to assure, in the event of a catastrophic system failure, the audit records will be retained.
This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Document and implement a backup policy to back up the DNS Server's audit records at least every seven days.