← Back to Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

V-55325

CAT II (Medium)

The IDPS must off-load log records to a centralized log server.

Rule ID

SV-69571r1_rule

STIG

Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

Version

V2R6

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is compromised.<br /><br />This also prevents the log records from being lost if the logs stored locally are accidentally or intentionally deleted, altered, or corrupted.

Check Content

Verify the IDPS off-loads log records to a centralized log server.<br /><br />If the IDPS does not off-load log records to a centralized log server, this is a finding.

Fix Text

Configure the IDPS to off-load log records to a centralized log server.