STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must be configured to write application logs to a centralized log repository.

DISA Rule

SV-222482r508029_rule

Vulnerability Number

V-222482

Group Title

SRG-APP-000515

Rule Version

APSC-DV-001080

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure the application to utilize a centralized log repository and ensure the logs are off-loaded from the application system as quickly as possible.

Check Contents

Review application documentation and interview application administrator.

Evaluate application log management processes and determine if the system is configured to utilize a centralized log management system for the hosting and management of application audit logs.

If the system is not configured to write the application logs to the centralized log management repository in an expeditious manner, this is a finding.

Vulnerability Number

V-222482

Documentable

False

Rule Version

APSC-DV-001080

Severity Override Guidance

Review application documentation and interview application administrator.

Evaluate application log management processes and determine if the system is configured to utilize a centralized log management system for the hosting and management of application audit logs.

If the system is not configured to write the application logs to the centralized log management repository in an expeditious manner, this is a finding.

Check Content Reference

M

Target Key

4093

Comments