STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:SV-222672r508029_rule
V-222672
SRG-APP-000506
APSC-DV-003360
CAT III
10
Configure the application to log concurrent logons from different workstations.
Review the application documentation and interview the application administrator to identify where log records are stored.
Access log records then log on to the application as a regular user from one workstation. Take note of workstation IP address and confirm the address as the source workstation.
Have the application administrator log on to the application from another workstation using the same account.
Validate the IP address of the second workstation is recorded in the logs.
If the application does not create an audit record when concurrent logons occur from different workstations, this is a finding.
V-222672
False
APSC-DV-003360
Review the application documentation and interview the application administrator to identify where log records are stored.
Access log records then log on to the application as a regular user from one workstation. Take note of workstation IP address and confirm the address as the source workstation.
Have the application administrator log on to the application from another workstation using the same account.
Validate the IP address of the second workstation is recorded in the logs.
If the application does not create an audit record when concurrent logons occur from different workstations, this is a finding.
M
4093