STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must use internal system clocks to generate time stamps for log records.

DISA Rule

SV-204731r508029_rule

Vulnerability Number

V-204731

Group Title

SRG-APP-000116

Rule Version

SRG-APP-000116-AS-000076

Severity

CAT II

CCI(s)

• CCI-000159 - The information system uses internal system clocks to generate time stamps for audit records.

Weight

10

Fix Recommendation

Configure the application server to use internal system clocks to generate time stamps for log records.

Check Contents

Review the application server configuration files to determine if the internal system clock is used for time stamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the logs and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps.

If the application server does not use the internal system clock to generate time stamps, this is a finding.

Vulnerability Number

V-204731

Documentable

False

Rule Version

SRG-APP-000116-AS-000076

Severity Override Guidance

Review the application server configuration files to determine if the internal system clock is used for time stamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the logs and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps.

If the application server does not use the internal system clock to generate time stamps, this is a finding.

Check Content Reference

M

Target Key

2900

Comments