Back

Back up audit trails according to backup procedures.


CONTROL ID
11642
CONTROL TYPE
Systems Continuity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a log management program., CC ID: 00673

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Critical application system logs/audit trails also need to be backed up as part of the application backup policy. (Critical components of information security 11) c.31., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • All gxp related data and the audit trails should be backed up. (¶ 19.6 Bullet 3, Good Practices For Computerized systems In Regulated GXP Environments)
  • The control system shall provide the capability to produce audit records on hardware-enforced write-once media. (7.11.3.1 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • Components shall provide the capability to store audit records on hardware-enforced write-once media. (7.11.3 (1) ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • Verify that current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter. (§ 10.5.3, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • The organization must ensure audit trails are promptly backed up to a centralized log server or to some form of media that is hard to alter. (§ 10.5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Verify that current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter. (§ 10.5.3 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Audit trail files must be promptly backed up to a centralized log server or media that is difficult to change. (PCI DSS Requirements § 10.5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Promptly back up audit trail files to a centralized log server or media that is difficult to alter. (10.5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Promptly back up audit trail files to a centralized log server or media that is difficult to alter. (10.5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Promptly back up audit trail files to a centralized log server or media that is difficult to alter. (10.5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (10.5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (10.5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (10.5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (10.5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (10.5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter. (10.5.3, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify. (10.3.3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Examine backup configurations or log files to verify that current audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify. (10.3.3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (PCI DSS Question 10.5.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Are audit trail files promptly backed up to a centralized log server or media that is difficult to alter? (PCI DSS Question 10.5.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify. (10.3.3, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify. (10.3.3, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify. (10.3.3, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify. (10.3.3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The information system backs up audit records [FedRAMP Assignment: at least weekly] onto a physically different system or system component than the system or component being audited. (AU-9(2) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system backs up audit records [FedRAMP Assignment: at least weekly] onto a physically different system or system component than the system or component being audited. (AU-9(2) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Store audit records [FedRAMP Assignment: at least weekly] in a repository that is part of a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Store audit records [Assignment: organization-defined frequency] in a repository that is part of a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Store audit records [Assignment: organization-defined frequency] in a repository that is part of a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Store audit records [Assignment: organization-defined frequency] in a repository that is part of a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The information system backs up audit records [TX-RAMP Assignment: at least weekly] onto a physically different system or system component than the system or component being audited. (AU-9(2) ¶ 1, TX-RAMP Security Controls Baseline Level 2)