Web server access logs are generated and retained according to DoDI 8500.2 requirements.

From Web Policy STIG

Part of Audit Log Retention

Associated with IA controls: ECRR-1

SV-28790r1_rule Web server access logs are generated and retained according to DoDI 8500.2 requirements.

Vulnerability discussion

Audit trails (logs) are required, as a minimum, to determine accountability according to DoDI 8500.2. They also provide the accountability functionality of a C2-level trusted requirement. Auditing (logging) provides an investigative tool to detect misuse of the system and has been used as evidence to convict individuals of computer crimes.

Check content

The intent of this check is to verify that audit logs generated by web server software (e.g., IIS, Apache, etc.) are retained according to DoDI 8500.2 requirements. This requirement should be a part of either the hosting agency’s SOP or a local audit policy.

Logging element requirements for the web server are covered in technical checks. Since web server software relies on the OS to process log events, the OS STIGs will govern all methodologies and policies related to access, handling and storage, transit, and processing. This check only addresses minimum retention periods for web server logs.

An MOU or an SLA may require more restrictive retention periods such as those that deal with access to Sources and Methods Intelligence (SAMI) data as defined in DoDI 8500.2. This check does not affect requirements as may be specified in an MOU or an SLA between a hosting agency and an information owner as long as minimum retention periods are achieved.

Auditable events and policies, such as those that may be specified by the Application Security and Development STIG, are governed by that STIG. Event logs and policies that may be required by other STIGs will still be governed by those STIGs.

The reviewer will work with the IAO, the SA, or the web administrator to verify that audit logs, as generated by the web server software, are retained according to the following requirement:

1. SAMI access will be retained for a minimum of 5 years.
2. Other access will be retained for a period of 1 year.

If the reviewer cannot ascertain the retention period for web server logs, this is a finding.

Fix text

Archive web server access logs for at least 1 year. In the case of SAMI information, the requirement is 5 years.
