STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must log the enforcement actions used to restrict access associated with changes to the application server.

DISA Rule

SV-204797r508029_rule

Vulnerability Number

V-204797

Group Title

SRG-APP-000381

Rule Version

SRG-APP-000381-AS-000089

Severity

CAT II

CCI(s)

• CCI-001814 - The Information system supports auditing of the enforcement actions.

Weight

10

Fix Recommendation

Configure the application server to log the enforcement actions used to restrict access associated with changes to the application server.

Check Contents

Check the application server documentation and logs to determine if enforcement actions used to restrict access associated with changes to the application server are logged.

If these actions are not logged, this is a finding.

Vulnerability Number

V-204797

Documentable

False

Rule Version

SRG-APP-000381-AS-000089

Severity Override Guidance

Check the application server documentation and logs to determine if enforcement actions used to restrict access associated with changes to the application server are logged.

If these actions are not logged, this is a finding.

Check Content Reference

M

Target Key

2900

Comments