Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
DBN-6300 NDM Security Technical Implementation Guide
SRG-APP-000515-NDM-000325
The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
An XCCDF Rule
Details
Profiles
Prose
The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
Medium Severity
<VulnDiscussion>Off-loading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is compromised. The intent of this control is to ensure that log information does not get overwritten if the limited log storage capacity is reached and also to protect the log records in general if the system/component being logged is compromised (hence the notion of off-loading onto a different system or media) but the intent is not to hold the information in more than one or multiple locations. This requirement is intended to address the primary repository, which is on the centralized Syslog server. This requirement is only applicable to the server used as the Syslog server. With the DBN-6300, audit records are automatically backed up on a real-time basis via syslog when enabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>