STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

In the event of a system failure, applications must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

DISA Rule

SV-222586r508029_rule

Vulnerability Number

V-222586

Group Title

SRG-APP-000226

Rule Version

APSC-DV-002320

Severity

CAT II

CCI(s)

• CCI-001665 - The information system preserves organization-defined system state information in the event of a system failure.

Weight

10

Fix Recommendation

Create operational configuration documentation that identifies information needed for the application to return back into service or specify no such data is required, and retain data required to determine root cause of application failures.

Check Contents

Review application documentation, interview application administrator to identify how the application logs error events.

The application operational requirements documentation should provide the specific information that must be preserved in order to return the application back into operation as quickly and efficiently as possible. The application administrator will need to identify and provide the information based upon operational requirements documents.

Application diagnostic information should be kept in logs for evaluation and investigation into root cause.

If documentation is provided stating that no particular information needs to be retained in order to expediently bring the application back online, this is not a finding.

If the application does not log the data required to determine root cause of application failure, or if information specified as required in order to expediently bring the application back online is not retained, this is a finding.

Vulnerability Number

V-222586

Documentable

False

Rule Version

APSC-DV-002320

Severity Override Guidance

Review application documentation, interview application administrator to identify how the application logs error events.

The application operational requirements documentation should provide the specific information that must be preserved in order to return the application back into operation as quickly and efficiently as possible. The application administrator will need to identify and provide the information based upon operational requirements documents.

Application diagnostic information should be kept in logs for evaluation and investigation into root cause.

If documentation is provided stating that no particular information needs to be retained in order to expediently bring the application back online, this is not a finding.

If the application does not log the data required to determine root cause of application failure, or if information specified as required in order to expediently bring the application back online is not retained, this is a finding.

Check Content Reference

M

Target Key

4093

Comments