STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must generate audit records when successful/unsuccessful accesses to objects occur.

DISA Rule

SV-222465r508029_rule

Vulnerability Number

V-222465

Group Title

SRG-APP-000507

Rule Version

APSC-DV-000860

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to log successful and unsuccessful access to application objects.

Check Contents

Review the application documentation and interview the application administrator to identify log locations.

Access the application logs.

Review the logs and identify if the application is logging both successful and unsuccessful access to application objects such as files, folders, processes, or application modules and sub components, or systems.

If the application does not log application object access, this is a finding.

Vulnerability Number

V-222465

Documentable

False

Rule Version

APSC-DV-000860

Severity Override Guidance

Review the application documentation and interview the application administrator to identify log locations.

Access the application logs.

Review the logs and identify if the application is logging both successful and unsuccessful access to application objects such as files, folders, processes, or application modules and sub components, or systems.

If the application does not log application object access, this is a finding.

Check Content Reference

M

Target Key

4093

Comments