STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must log destination IP addresses.

DISA Rule

SV-222470r508029_rule

Vulnerability Number

V-222470

Group Title

SRG-APP-000095

Rule Version

APSC-DV-000950

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to record the destination IP address of the remote system.

Check Contents

If the application design documentation indicates the application does not initiate connections to remote systems, this requirement is not applicable.

Network connections to systems used for support services such as DNS, AD, or LDAP may be stored in the system logs. These connections are applicable.

Identify the log source based upon the application architecture, design documents, and input from the application admin.

Review and monitor the application or system logs.

Connect to the application and utilize the application functionality that initiates connections to a destination system.

If the application routinely connects to remote systems on its own, you may simply allow the application to operate in the background while the logs are observed.

Observe the log activity and determine if the log includes an entry to indicate the IP address of the destination system.

If the IP address of the remote system is not recorded along with the event in the event log, this is a finding.
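Added example, not taken from the STIG or from STIGQter: a small Python logging helper that records the destination IP reported by the connected socket (the fix recommendation), and an audit function that applies the check above to log lines and returns the entries that would be findings. The JSON log format, field names and sample log are assumptions.

```python
import ipaddress
import json
import logging
from datetime import datetime, timezone

log = logging.getLogger("app.outbound")  # assumed logger name

def outbound_event(dest_host, peer):
    """Record a connection this application initiated. `peer` is the tuple
    returned by sock.getpeername() after connect(), so the log carries the
    address actually used rather than only the configured hostname."""
    ip, port = peer[:2]  # works for AF_INET (2-tuple) and AF_INET6 (4-tuple)
    rec = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": "outbound_connect",
        "dest_host": dest_host,
        "dest_ip": ip,
        "dest_port": port,
    }
    line = json.dumps(rec)
    log.info(line)
    return line

def audit_outbound_log(lines):
    """Apply the STIG check: every outbound_connect entry must carry a
    syntactically valid dest_ip. Returns the entries that are findings."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            findings.append(line)  # unparseable: the IP cannot be confirmed
            continue
        if rec.get("event") != "outbound_connect":
            continue  # not a connection the application initiated
        try:
            ipaddress.ip_address(rec.get("dest_ip", ""))
        except ValueError:
            findings.append(line)  # missing or malformed destination IP
    return findings

# Constructed sample log: the second entry names the host but not its IP.
SAMPLE_LOG = [
    '{"event": "outbound_connect", "dest_host": "ldap.example.test", "dest_ip": "203.0.113.7", "dest_port": 636}',
    '{"event": "outbound_connect", "dest_host": "dns.example.test", "dest_port": 53}',
    '{"event": "login", "user": "alice"}',
]
```

Running `audit_outbound_log(SAMPLE_LOG)` reports only the DNS entry, which is exactly the case the check content calls a finding.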

Vulnerability Number

V-222470

Documentable

False

Rule Version

APSC-DV-000950

Severity Override Guidance

Check Content Reference

M

Target Key

4093

Comments