STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must record the username or user ID of the user associated with the event.

DISA Rule

SV-222449r508029_rule

Vulnerability Number

V-222449

Group Title

SRG-APP-000089

Rule Version

APSC-DV-000700

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the application to record the user ID of the user responsible for the log event entry.

Check Contents

Review and monitor the application logs.

Connect to the application and perform application activity that is allowed by the user such as accessing data or running reports.

Observe if the log includes an entry to indicate the user ID of the user that conducted the activity.

If the user ID is not recorded along with the event in the event log, this is a finding.

Vulnerability Number

V-222449

Documentable

False

Rule Version

APSC-DV-000700

Severity Override Guidance

Review and monitor the application logs.

Connect to the application and perform application activity that is allowed by the user such as accessing data or running reports.

Observe if the log includes an entry to indicate the user ID of the user that conducted the activity.

If the user ID is not recorded along with the event in the event log, this is a finding.

Check Content Reference

M

Target Key

4093

Comments