Audit data must be reviewed on a regular basis.

From Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide

Part of WINAU-000100

Associated with IA controls: ECAT-2, ECAT-1

Associated with: CCI-000366

SV-51561r1_rule Audit data must be reviewed on a regular basis.

Vulnerability discussion

To be of value, audit logs from critical systems must be reviewed on a regular basis. Critical systems should be reviewed on a daily basis to identify security breaches and potential weaknesses in the security structure. This can be done with the use of monitoring software or other utilities for this purpose.

Check content

Determine whether audit logs are reviewed on a predetermined schedule. If audit logs are not reviewed on a regular basis, this is a finding.

Fix text

Review audit logs on a predetermined scheduled.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer