STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must implement transaction recovery logs when transaction based.

DISA Rule

SV-222479r508029_rule

Vulnerability Number

V-222479

Group Title

SRG-APP-000101

Rule Version

APSC-DV-001040

Severity

CAT II

CCI(s)

• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Weight

10

Fix Recommendation

Configure the application database to utilize transactional logging.

Check Contents

Review the application documentation and interview the application administrator. Have the application administrator provide configuration settings that demonstrate transaction logging is enabled.

Review configuration settings for the location of transaction specific logs and verify transaction logs exist and the log records access and changes to the data.

If the application is not configured to utilize transaction logging, this is a finding.

Vulnerability Number

V-222479

Documentable

False

Rule Version

APSC-DV-001040

Severity Override Guidance

Review the application documentation and interview the application administrator. Have the application administrator provide configuration settings that demonstrate transaction logging is enabled.

Review configuration settings for the location of transaction specific logs and verify transaction logs exist and the log records access and changes to the data.

If the application is not configured to utilize transaction logging, this is a finding.

Check Content Reference

M

Target Key

4093

Comments