STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020

Syslog messages must be retained for a minimum of 30 days online and then stored offline for one year.

DISA Rule

SV-80841r1_rule

Vulnerability Number

V-66351

Group Title

NET1026

Rule Version

NET1026

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the syslog server to store messages for at least 30 days online. The administrator must establish a strategy for storing the logs offline for a minimum of 1 year.

Check Contents

Examine the syslog server to verify that it is configured to store messages for at least 30 days. Have the administrator show you the syslog files stored offline for one year.

If the syslog messages are not kept online for thirty days and offline for one year, this is a finding.

Documentable

False

Severity Override Guidance

Examine the syslog server to verify that it is configured to store messages for at least 30 days. Have the administrator show you the syslog files stored offline for one year.

If the syslog messages are not kept online for thirty days and offline for one year, this is a finding.

Check Content Reference

M

Target Key

838

Comments