The Microsoft SCOM server must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
An XCCDF Rule
Description
<VulnDiscussion>Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-237431r643939_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Establish and implement a process for keeping the Security Log as well as the Operations Manager log. Most DoD enclaves are already running tools such as Splunk or Azure Log Analytics. It is important that these logs be ingested by these tools.