Central Log Server Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000368
Group -
SRG-APP-000369
Group -
The Central Log Server must be configured to perform audit reduction that does not alter original content or time ordering of log records.
If the audit reduction capability alters the content or time ordering of log records, the integrity of the log records is compromised, and the records are no longer usable for forensic analysis. Ti...Rule Low Severity -
SRG-APP-000370
Group -
The Central Log Server must be configured to generate reports that do not alter original content or time ordering of log records.
If the audit report generation capability alters the original content or time ordering of log records, the integrity of the log records is compromised, and the records are no longer usable for fore...Rule Low Severity -
SRG-APP-000374
Group -
Upon receipt of the log record from hosts and devices, the Central Log Server must be configured to record time stamps of the time of receipt that can be mapped to Coordinated Universal Time (UTC).
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Tim...Rule Low Severity -
SRG-APP-000375
Group -
The Central Log Server must be configured to record time stamps for when log records are received by the log server that meet a granularity of one second for a minimum degree of precision.
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the application include date and time. Granu...Rule Low Severity -
SRG-APP-000391
Group -
SRG-APP-000392
Group -
The Central Log Server must be configured to electronically verify the DoD CAC credential.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...Rule Medium Severity -
SRG-APP-000439
Group -
SRG-APP-000514
Group -
The Central Log Server must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and/or to protect unclassified information requiring confidentiality and cryptographic protection.
FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems. Unvalidated cryptography is viewed by NIST as providi...Rule High Severity -
SRG-APP-000515
Group -
The Central Log Server must be configured to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Alt...Rule Low Severity -
SRG-APP-000516
Group -
SRG-APP-000516
Group -
The Central Log Server that aggregates log records from hosts and devices must be configured to use TCP for transmission.
If the default UDP protocol is used for communication between the hosts and devices to the Central Log Server, then log records that do not reach the log server are not detected as a data loss. The...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.