STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must generate log records containing information that establishes the identity of any individual or process associated with the event.

DISA Rule

SV-204726r508029_rule

Vulnerability Number

V-204726

Group Title

SRG-APP-000100

Rule Version

SRG-APP-000100-AS-000063

Severity

CAT II

CCI(s)

• CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.

Weight

10

Fix Recommendation

Configure the application server logging system to log the identity of the user or process related to the events.

Check Contents

Review application server documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.

If the application server does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Vulnerability Number

V-204726

Documentable

False

Rule Version

SRG-APP-000100-AS-000063

Severity Override Guidance

Review application server documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.

If the application server does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Check Content Reference

M

Target Key

2900

Comments