Automated audit reporting tools must be available.

From Email Services Policy STIG

Part of EMG3-079 Automated Audit Reporting Tool

Associated with IA controls: ECRG-1

SV-20669r3_rule Automated audit reporting tools must be available.

Vulnerability discussion

Monitors are automated “process watchers” that respond to performance changes and can be useful in detecting outages and alerting administrators where attention is needed. Log files help establish a history of activities and can be useful in detecting attack attempts or in determining tuning adjustments to improve availability. However, audit record collection can quickly overwhelm both storage resources and an auditor’s ability to review the records productively. Moreover, an audit trail that is not monitored for suspicious activity provides little value. Regular or daily review of audit logs not only gives the earliest possible notice of a compromise but can also limit its extent. Automated log monitoring strengthens the monitoring process further: noteworthy events are detected far sooner, provided they have been defined to the automated monitoring process. Log data can be mined for specific events and, upon detection, analyzed to drive alerting, reports, trend analyses, and responses to attack scenarios.
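As an added illustration of the "defined noteworthy events" approach described above (example code, not part of the STIG), the following minimal audit reporting tool mines constructed email-server audit records for pre-defined events, counts them per client, and raises alerts when a threshold is met. The log format, host name, user names and thresholds are all assumptions for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample audit records in an assumed format (not real server output):
# "<timestamp> <host> smtpd: <event> client=<ip> user=<user>"
SAMPLE_LOG = """\
2024-03-01T09:00:01 mail01 smtpd: auth_failed client=203.0.113.5 user=alice
2024-03-01T09:00:03 mail01 smtpd: auth_failed client=203.0.113.5 user=alice
2024-03-01T09:00:04 mail01 smtpd: auth_failed client=203.0.113.5 user=bob
2024-03-01T09:00:06 mail01 smtpd: auth_failed client=203.0.113.5 user=carol
2024-03-01T09:00:07 mail01 smtpd: auth_failed client=203.0.113.5 user=dave
2024-03-01T09:00:09 mail01 smtpd: auth_ok client=198.51.100.7 user=erin
2024-03-01T09:01:00 mail01 smtpd: relay_denied client=192.0.2.9 user=-
2024-03-01T09:02:00 mail01 smtpd: config_changed client=- user=admin
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) smtpd: (?P<event>\w+) "
    r"client=(?P<client>\S+) user=(?P<user>\S+)$"
)

# Noteworthy events defined to the monitor up front (assumed thresholds):
# event name -> occurrences per client before an alert is raised.
ALERT_RULES = {
    "auth_failed": 5,      # repeated failures from one client
    "relay_denied": 1,     # any rejected relay attempt
    "config_changed": 1,   # every administrative change is reportable
}

def parse_records(text):
    """Parse raw log text into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def build_report(records, rules=ALERT_RULES):
    """Summarise event totals and emit alerts where a defined threshold is met.
    Returns a plain dict an auditor can review or export as a report."""
    totals = Counter(r["event"] for r in records)
    per_client = defaultdict(Counter)
    for r in records:
        per_client[r["event"]][r["client"]] += 1
    alerts = [
        {"event": event, "client": client, "count": n}
        for event, threshold in rules.items()
        for client, n in per_client[event].items()
        if n >= threshold
    ]
    return {"records": len(records), "totals": dict(totals), "alerts": alerts}

if __name__ == "__main__":
    print(build_report(parse_records(SAMPLE_LOG)))
```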

Check content

Access the EDSP for a description of the automated audit trail review tool. Review the automated tool's usage artifacts or reports containing audit trail result data. If automated tools are available for review and reporting on email server audit records, this is not a finding.

Fix text

Implement automated reporting tools for email server audit records. Document the specifics in the EDSP.
