STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must use cryptographic mechanisms to protect the integrity of log tools.

DISA Rule

SV-204776r508029_rule

Vulnerability Number

V-204776

Group Title

SRG-APP-000290

Rule Version

SRG-APP-000290-AS-000174

Severity

CAT II

CCI(s)

• CCI-001496 - The information system implements cryptographic mechanisms to protect the integrity of audit tools.

Weight

10

Fix Recommendation

Configure the application server log tools to be cryptographically signed to protect the integrity of the tools.

Check Contents

Review the application server configuration to determine if the application server log tools have been cryptographically signed to protect the integrity of the tools.

If the application server log tools have not been cryptographically signed, this is a finding.

Vulnerability Number

V-204776

Documentable

False

Rule Version

SRG-APP-000290-AS-000174

Severity Override Guidance

Review the application server configuration to determine if the application server log tools have been cryptographically signed to protect the integrity of the tools.

If the application server log tools have not been cryptographically signed, this is a finding.

Check Content Reference

M

Target Key

2900

Comments