STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must protect log information from unauthorized deletion.

DISA Rule

SV-204734r508029_rule

Vulnerability Number

V-204734

Group Title

SRG-APP-000120

Rule Version

SRG-APP-000120-AS-000080

Severity

CAT II

CCI(s)

• CCI-000164 - The information system protects audit information from unauthorized deletion.

Weight

10

Fix Recommendation

Configure the application server to protect log information from unauthorized deletion.

Check Contents

Review the configuration settings to determine if the application server log features protect log information from unauthorized deletion.

Review file system settings to verify the application server sets secure file permissions on log files to prevent unauthorized deletion.

If the application server does not protect log information from unauthorized deletion, this is a finding.

Vulnerability Number

V-204734

Documentable

False

Rule Version

SRG-APP-000120-AS-000080

Severity Override Guidance

Review the configuration settings to determine if the application server log features protect log information from unauthorized deletion.

Review file system settings to verify the application server sets secure file permissions on log files to prevent unauthorized deletion.

If the application server does not protect log information from unauthorized deletion, this is a finding.

Check Content Reference

M

Target Key

2900

Comments