V-206371
SV-206371r960948_rule
CAT II
The log data and records from the web server must be backed up onto a different system or media.
From: Web Server Security Requirements Guide (V4R4)
Description
<VulnDiscussion>Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system or onto separate media than the system the web server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review the web server documentation and deployed configuration to determine if the web server log records are backed up onto an unrelated system or media than the system being logged.
If the web server logs are not backed up onto a different system or media than the system being logged, this is a finding.
Fix Text
Configure the web server logs to be backed up onto a different system or media other than the system being logged.
CCI Reference
CCI-001348- Created
- 2026-04-07 20:08:40
- Last Updated
- 2026-04-07 20:08:40