Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.

Description

<VulnDiscussion>Automation Controller must be configured to use external logging to compile log records from multiple components within the server. The events occurring must be time-correlated in order to conduct accurate forensic analysis. In addition, the correlation must meet certain tolerance criteria. For instance, DOD may define that the time stamps of different logged events must not differ by any amount greater than ten seconds. Automation Controller must utilize an external logging tool that provides this capability. Satisfies: SRG-APP-000080-AS-000045, SRG-APP-000086-AS-000048, SRG-APP-000108-AS-000067, SRG-APP-000125-AS-000084, SRG-APP-000181-AS-000255, SRG-APP-000358-AS-000064, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000515-AS-000203</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>