800-53|AU-9(2)

Title

AUDIT BACKUP ON SEPARATE PHYSICAL SYSTEMS / COMPONENTS

Description

The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.

Supplemental

This control enhancement helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records.

Reference Item Details

Related: AU-11, AU-4, AU-5

Category: AUDIT AND ACCOUNTABILITY

Parent Title: PROTECTION OF AUDIT INFORMATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items

Name | Plugin | Audit Name
1.10.4 Ensure 'syslog hosts' is configured correctly | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
2.1.1 - Configuring syslog - local logging - '*.info;auth.none entry exists in /etc/syslog.conf' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.1.1 - Configuring syslog - local logging - 'auth.info entry exists in /etc/syslog.conf' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.1.2 - Configuring syslog - remote logging - '*.info;auth.none remote entry exists in /etc/syslog.conf' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.1.2 - Configuring syslog - remote logging - 'auth.info remote entry exists in /etc/syslog.conf' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.1.3 - Configuring syslog - remote messages | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.12 Configure centralized and remote logging | Unix | CIS Docker 1.12.0 v1.0.0 L2 Docker
2.12 Configure centralized and remote logging | Unix | CIS Docker 1.11.0 v1.0.0 L2 Docker
3.3 Configure remote logging for ESXi hosts | VMware | CIS VMware ESXi 5.5 v1.2.0 Level 1
3.4 Configure remote logging for ESXi hosts | VMware | CIS VMware ESXi 5.1 v1.0.1 Level 1
4 - Send logs to a remote server | Unix | TNS Best Practice JBoss 7 Linux
4.1.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
4.2.1.3 Ensure rsyslog default file permissions configured | Unix | CIS Amazon Linux v2.1.0 L1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf | Unix | CIS Amazon Linux v2.1.0 L1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Debian Family Server L1 v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Debian Family Workstation L1 v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Amazon Linux v2.1.0 L1
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Amazon Linux v2.1.0 L1
4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | Unix | CIS Amazon Linux v2.1.0 L1
5 - Granular Log Levels | Unix | TNS Best Practice JBoss 7 Linux
6.5 Use a centralized and remote log collection service | Unix | CIS Docker 1.6 v1.0.0 L1 Docker
7.2.3 Ensure syslog is not configured to receive logs from a remote client | Unix | CIS IBM AIX 7 v1.0.0 L2
8.2.5 Configure rsyslog to Send Logs to a Remote Log Host | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
8.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts | Unix | CIS Debian Linux 7 L1 v1.0.0
Adtran : Ensure the log level is set at an appropriate setting | Adtran | TNS Adtran AOS Best Practice Audit
Adtran : Forward logs to syslog server | Adtran | TNS Adtran AOS Best Practice Audit
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | Windows | DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3
BIND-9X-001017 - The BIND 9.x server implementation must not be configured with a channel to send audit records to null. | Unix | DISA BIND 9.x STIG v2r3
BIND-9X-001042 - The BIND 9.x server implementation must maintain at least 3 file versions of the local log file. | Unix | DISA BIND 9.x STIG v2r3
Brocade - Enable the track changes feature for SNMP traps | Brocade | Tenable Best Practices Brocade FabricOS
Brocade - Forward all error logs to syslog daemon | Brocade | Tenable Best Practices Brocade FabricOS
Brocade - SNMPv3 trap targets are configured properly | Brocade | Tenable Best Practices Brocade FabricOS
Citrix ADM - Syslog - Configure server | Citrix_Application_Delivery | Tenable Best Practice Citrix ADM v1.0.0
ESXi : enable-remote-syslog | VMware | VMWare vSphere 5.X Hardening Guide
ESXi : enable-remote-syslog | VMware | VMWare vSphere 6.5 Hardening Guide
ESXi : enable-remote-syslog | VMware | VMWare vSphere 6.0 Hardening Guide
EX13-CA-000085 - Exchange must have Audit data on separate partitions. | Windows | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2