Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application must generate audit records showing starting and ending time for user access to the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69409 | APSC-DV-000850 | SV-84031r1_rule | Medium |
| Description |
|---|
| Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis. |
| STIG | Date |
|---|---|
| Application Security and Development Security Technical Implementation Guide | 2017-03-20 |
Details
| Check Text ( C-69827r1_chk ) |
|---|
| Review and monitor the application logs. Initiate a user session and observe if the log includes a time stamp showing the start of the session. Terminate the user session and observe if the log includes a time stamp showing the end of the session. If the start and the end time of the session are not recorded in the logs, this is a finding. |
| Fix Text (F-75585r1_fix) |
|---|
| Configure the application or application server to record the start and end time of user session activity. |