IIST-SV-000116 – The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.

Details

Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system, or onto separate media than the system on which the web server is running, helps to ensure the log records will be retained in the event of a catastrophic system failure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure system backups to include the directory paths of all IIS 10.0 web server and website log files.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y20M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.

References

800-53|AU-9(2)
CAT|II
CCI|CCI-001348
Rule-ID|SV-218791r561041_rule
STIG-ID|IIST-SV-000116
STIG-Legacy|SV-109221
STIG-Legacy|V-100117
Vuln-ID|V-218791

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles