STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must produce log records that contain sufficient information to establish the outcome of events.

DISA Rule

SV-204725r508029_rule

Vulnerability Number

V-204725

Group Title

SRG-APP-000099

Rule Version

SRG-APP-000099-AS-000062

Severity

CAT II

CCI(s)

• CCI-000134 - The information system generates audit records containing information that establishes the outcome of the event.

Weight

10

Fix Recommendation

Configure the application server logging system to log the event outcome.

Check Contents

Review application server documentation and the log files on the application server to determine if the logs contain information that establishes the outcome of event data.

If the application server is not configured to meet this requirement, this is a finding.

Vulnerability Number

V-204725

Documentable

False

Rule Version

SRG-APP-000099-AS-000062

Severity Override Guidance

Review application server documentation and the log files on the application server to determine if the logs contain information that establishes the outcome of event data.

If the application server is not configured to meet this requirement, this is a finding.

Check Content Reference

M

Target Key

2900

Comments