V-224875
SV-224875r958754_rule
CAT II
Audit records must be backed up to a different system or media than the system being audited.
From: Microsoft Windows Server 2016 Security Technical Implementation Guide (V2R10)
Description
<VulnDiscussion>Protection of log data includes assuring the log data is not accidentally lost or deleted. Audit information stored in one location is vulnerable to accidental or incidental deletion or alteration.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Determine if a process to back up log data to a different system or media than the system being audited has been implemented.
If it has not, this is a finding.
Fix Text
Establish and implement a process for backing up log data to another system or media other than the system being audited.
CCI Reference
CCI-001851- Created
- 2026-01-14 17:55:45
- Last Updated
- 2026-01-14 17:55:45