DoD STIGs – V-32401

Overview:

Title: The DBMS must support the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.

Vulnerability ID: V-32401

STIG ID:

IA Controls: None

Severity: medium

Description: Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the event of a catastrophic system failure, the audit records will be retained.

Check Text: Review DBMS vendor documentation to determine whether the DBMS software supports the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency. This can include a SIEM solution or other log management product. If the DBMS does not allow audit data and records to be backed up onto a different system or media, this is a finding.

Fix Text: Utilize DBMS software that supports the ability to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.

[divider]

Interpreting V-32401:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.