
The application must provide the capability for authorized users to select a user session to capture/record or view/hear.


Overview

Finding ID: V-69417
Version: APSC-DV-000900
Rule ID: SV-84039r1_rule
IA Controls: (none listed)
Severity: Medium
Description
This is a specialized requirement for monitoring applications. Not all applications will be required to capture/record or view/hear user sessions.
STIG: Application Security and Development Security Technical Implementation Guide
Date: 2018-04-03

Details

Check Text (C-69835r1_chk)
Examine the application documentation and interview the application administrator to identify session capture capabilities within the application.

If the application or mission requirements do not specify the capability for authorized users to select a user session to capture/record or view/hear, this requirement does not apply.

Access the application interface as an authorized user and access the area of the application management functionality that activates session monitoring. Follow application instructions on how to utilize and activate session monitoring capability.

Identify a test user account and activate the capture feature, then access the application as the test user and execute application functions.

Close the test user session and examine the monitoring results to verify all of the session activity was captured.

If the application does not capture/record or view/hear a user’s session as per application and mission requirements, this is a finding.
Fix Text (F-75593r1_fix)
Design and configure the application to allow authorized users to capture/record and view/hear user sessions.