Back up logs according to backup procedures.


CONTROL ID
01344
CONTROL TYPE
Log Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a log management program., CC ID: 00673

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Securing back-up and disposal of log files (Critical components of information security 21) iii.c., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • The procedures for backing up audit logs should be included in the Standard Operating Procedures for the System Administrator. (Control: 0055 Table Row "System backup and recovery", Australian Government Information Security Manual: Controls)
  • Audit logs should be backed up on a regular basis onto write-once media. (§ 3.7.17, Australian Government ICT Security Manual (ACSI 33))
  • Are rule sets backed up? (Table Row V.10, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • If Separation of Duties is not possible, the information assurance officer should ensure the audit logs are copied on a regular basis to a backup medium on which the Security Administrator does not have write or delete permissions. (§ 4.7 ¶ 2, DISA Access Control STIG, Version 2, Release 3)
  • The Information Assurance Officer/Network Security Officer will ensure medical device audit log data is backed up weekly. (§ 6.1.2.6 (MED0740: CAT III), Medical Devices Security Technical Implementation Guide, Version 1, Release 1)
  • The audit records must be backed up onto a different system or different media not less than weekly. (ECTB-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • Are the firewall logs backed up? (IT - Firewalls Q 20, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union Information Technology policy include the backup of firewall logs and intrusion detection logs? (IT - Policy Checklist Q 6, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Organizational records and documents and the system configuration should be examined to ensure the audit information is written to hardware-enforced, write-once media. Test the system by generating audit information to ensure it is written to hardware-enforced write-once media. (AU-9(1), AU-9.7, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization should back up audit records at named intervals onto a different system or media than the system being audited. (App F § AU-9(2), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The information system backs up audit records {organizationally documented frequency} onto a physically different system or system component than the system or component being audited. (AU-9(2), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system backs up audit records {organizationally documented frequency} onto a physically different system or system component than the system or component being audited. (AU-9(2), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)