STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must provide the capability to filter audit records for events of interest based upon organization-defined criteria.

DISA Rule

SV-222488r508029_rule

Vulnerability Number

V-222488

Group Title

SRG-APP-000115

Rule Version

APSC-DV-001140

Severity

CAT II

CCI(s)

• CCI-000158 - The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.

Weight

10

Fix Recommendation

Configure the application filters to search event logs based on defined criteria.

Check Contents

Review the system documentation and interview the application administrator for details regarding application architecture and logging configuration.

Identify the application components and the logs associated with the components as well as the locations of the logs.

If the application utilizes a centralized logging system that provides the capability to filter log events based upon the following events, this requirement is not applicable.

Review the application log management utility.

Ensure the application provides the ability to filter on audit events based upon the following minimum criteria:

Users: e.g., specific users or groups
Event types:
Event dates and time:
System resources involved: e.g., application components or modules.
IP addresses:
Information objects accessed:
Event level categories: e.g., high, critical, warning, error
Key words: e.g., a specific search string

Additional details may be logged as needed or prescribed by operational requirements.

If the application does not provide the ability to filter audit events, this is a finding.

Vulnerability Number

V-222488

Documentable

False

Rule Version

APSC-DV-001140

Severity Override Guidance

Review the system documentation and interview the application administrator for details regarding application architecture and logging configuration.

Identify the application components and the logs associated with the components as well as the locations of the logs.

If the application utilizes a centralized logging system that provides the capability to filter log events based upon the following events, this requirement is not applicable.

Review the application log management utility.

Ensure the application provides the ability to filter on audit events based upon the following minimum criteria:

Users: e.g., specific users or groups
Event types:
Event dates and time:
System resources involved: e.g., application components or modules.
IP addresses:
Information objects accessed:
Event level categories: e.g., high, critical, warning, error
Key words: e.g., a specific search string

Additional details may be logged as needed or prescribed by operational requirements.

If the application does not provide the ability to filter audit events, this is a finding.

Check Content Reference

M

Target Key

4093

Comments