STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-9 (2) — Protection of Audit Information

CCI-001348

Definition

Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited.

Parent Control

AU-9 (2)Protection of Audit InformationAudit and Accountability

Linked STIG Checks (70)

V-255594CAT IIIThe A10 Networks ADC must back up audit records at least every seven days onto a different system or system component than the system or component being audited.A10 Networks ADC NDM Security Technical Implementation Guide V-279070CAT IIColdFusion must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Adobe ColdFusion Security Technical Implementation Guide V-214237CAT IIThe log data and records from the Apache web server must be backed up onto a different system or media.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214316CAT IIThe log data and records from the Apache web server must be backed up onto a different system or media.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222506CAT IIThe application must back up audit records at least every seven days onto a different system or system component than the system or component being audited.Application Security and Development Security Technical Implementation Guide V-204738CAT IIThe application server must back up log records at least every seven days onto a different system or system component than the system or component being logged.Application Server Security Requirements Guide V-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-272430CAT IIThe BIND 9.x server implementation must maintain at least three file versions of the local log file.BIND 9.x Security Technical Implementation Guide V-272431CAT IIThe BIND 9.x server implementation must be configured with a channel to send audit records to a local file.BIND 9.x Security Technical Implementation Guide V-272432CAT IThe BIND 9.x server implementation must be configured with a channel to send audit records to at least two remote syslogs.BIND 9.x Security Technical Implementation Guide V-272433CAT IIThe BIND 9.x server implementation must not be configured with a channel to send audit records to null.BIND 9.x Security Technical Implementation Guide V-255503CAT IIIThe CA API Gateway must forward all log audit log messages to the central log server.CA API Gateway NDM Security Technical Implementation Guide V-206458CAT IIIThe Central Log Server must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.Central Log Server Security Requirements Guide V-206459CAT IIIThe Central Log Server system backups must be retained for a minimum of 5 years for SAMI (Sources and Methods Information) and a minimum of 7 days for non-SAMI on media capable of guaranteeing file integrity for the minimum applicable information retention period.Central Log Server Security Requirements Guide V-255547CAT IIIThe DBN-6300 must back up audit records at least every seven days onto a different system or system component than the system or component being audited.DBN-6300 NDM Security Technical Implementation Guide V-205167CAT IIThe DNS server implementations audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.Domain Name System (DNS) Security Requirements Guide V-270944CAT IIThe Dragos Platform must be configured to send backup audit records.Dragos Platform 2.x Security Technical Implementation Guide V-278396CAT INGINX must off-load audit records to a central log server.F5 NGINX Security Technical Implementation Guide V-255640CAT IIIf any logs are stored locally which are not sent to the centralized audit server, CounterACT must back up audit records at least every seven days onto a different system or system component than the system or component being audited.ForeScout CounterACT NDM Security Technical Implementation Guide V-255257CAT IISSMC web server must generate information to be used by external applications or entities to monitor and control remote access.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-65083CAT IIIThe DataPower Gateway must back up audit records at least every seven days onto a different system or system component than the system or component being audited.IBM DataPower Network Device Management Security Technical Implementation Guide V-24364CAT IIHardware Management Console audit record content data must be backed up.IBM Hardware Management Console (HMC) STIG V-256886CAT IIHardware Management Console audit record content data must be backed up.IBM Hardware Management Console (HMC) Security Technical Implementation Guide V-255796CAT IIThe MQ Appliance messaging server must be configured to fail over to another system in the event of log subsystem failure.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255734CAT IIThe MQ Appliance network device must back up audit records at least every seven days onto a different system or system component than the system or component being audited.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-224766CAT IIThe ISEC7 SPHERE must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 SPHERE components, and offload audit records onto a different system or media than the system being audited.ISEC7 Sphere Security Technical Implementation Guide V-214162CAT IIThe Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.Infoblox 7.x DNS Security Technical Implementation Guide V-233858CAT IIThe Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.Infoblox 8.x DNS Security Technical Implementation Guide V-251405CAT IIThe Ivanti EPMM server must back up audit records at least every seven days onto a log management server.Ivanti EPMM Server Security Technical Implementation Guide V-251405CAT IIThe Ivanti MobileIron Core server must back up audit records at least every seven days onto a log management server.Ivanti MobileIron Core MDM Server Security Technical Implementation Guide V-213516CAT IIJBoss log records must be off-loaded onto a different system or system component a minimum of every seven days.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-272889CAT IMicrosoft Defender for Endpoint (MDE) must be connected to a central log server.Microsoft Defender for Endpoint Security Technical Implementation Guide V-270227CAT IIMicrosoft Entra ID must be configured to transfer logs to another server for storage, analysis, and reporting.Microsoft Entra ID Security Technical Implementation Guide V-221215CAT IIExchange audit data must be on separate partitions.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228369CAT IIExchange Audit data must be on separate partitions.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259588CAT IIExchange audit data must be on separate partitions.Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259663CAT IIExchange audit data must be on separate partitions.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-218791CAT IIThe log data and records from the IIS 10.0 web server must be backed up onto a different system or media.Microsoft IIS 10.0 Server Security Technical Implementation Guide V-273868CAT IIMicrosoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide V-273868CAT IIMicrosoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide V-215660CAT IIThe Windows 2012 DNS Servers audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-259415CAT IIThe Windows DNS Server audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-273202CAT IOkta must off-load audit records onto a central log server.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-221337CAT IIThe log data and records from OHS must be backed up onto a different system or media.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-92295CAT IIThe SEL-2740S must be configured to send log data to a Syslog server or collected by another parent OTSDN Controller.SEL-2740S NDM Security Technical Implementation Guide V-216469CAT IIThe operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.Solaris 11 SPARC Security Technical Implementation Guide V-216233CAT IIThe operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.Solaris 11 X86 Security Technical Implementation Guide V-221612CAT IIISplunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251673CAT IIISplunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-94679CAT IISymantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.Symantec ProxySG NDM Security Technical Implementation Guide V-254862CAT IIThe Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-241130CAT IITrend Deep Security must back up audit records at least every seven days onto a different system or system component than the system or component being audited.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-234347CAT IIThe UEM server must back up audit records at least every seven days onto a log management server.Unified Endpoint Management Server Security Requirements Guide V-240055CAT IIHAProxy log files must be backed up onto a different system or media.VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide V-69173CAT IIIThe NSX Manager must back up audit records at least every seven days onto a different system or system component than the system or component being audited.VMware NSX Manager Security Technical Implementation Guide V-240234CAT IILighttpd log data and records must be backed up onto a different system or media.VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide V-240780CAT IItc Server ALL log data and records must be backed up onto a different system or media.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240933CAT IIThe vAMI log records must be backed up at least every seven days onto a different system or system component than the system or component being logged.VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide V-241630CAT IItc Server ALL log data and records must be backed up onto a different system or media.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-256652CAT IIThe rsyslog must be configured to monitor VAMI logs.VMware vSphere 7.0 VAMI Security Technical Implementation Guide V-256701CAT IIRsyslog must be configured to monitor and ship ESX Agent Manager log files.VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide V-256733CAT IILookup Service log files must be offloaded to a central log server in real time.VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-256640CAT IIRsyslog must be configured to monitor and ship Performance Charts log files.VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-256775CAT IISecurity Token Service log data and records must be backed up onto a different system or media.VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide V-256806CAT IIvSphere UI log files must be moved to a permanent repository in accordance with site policy.VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide V-259163CAT IIThe vCenter Rhttpproxy service log files must be sent to a central log server.VMware vSphere 8.0 vCenter Appliance Envoy Security Technical Implementation Guide V-259142CAT IIThe vCenter VAMI service must off-load log records onto a different system or media from the system being logged.VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) Security Technical Implementation Guide V-206371CAT IIThe log data and records from the web server must be backed up onto a different system or media.Web Server Security Requirements Guide V-269586CAT IXylok Security Suite must use a central log server for auditing records.Xylok Security Suite 20.x Security Technical Implementation Guide