When SPLUNK saves logs in raw data, does it fulfill the STIG requirement?
Full requirement of Logging:
1. Logs must be tamper-evident
2. Log functionality must support logging of sensitive data (i.e., encrypted, and viewable/decrypted only by authorized users)
3. The system shall support “centralized” log functionality
4. The system must support authorization for viewing/configuring logs
In addition, we are required to save the logs for 6 years because they contain PII data. Would SPLUNK digesting log data meet this requirement?