UCF STIG Viewer Logo

The application must generate audit records containing information that establishes the identity of any individual or process associated with the event.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69437 APSC-DV-001020 SV-84059r1_rule Medium
Description
Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. Event identifiers (if authenticated or otherwise known) include, but are not limited to, user database tables, primary key values, user names, or process identifiers.
STIG Date
Application Security and Development Security Technical Implementation Guide 2018-04-03

Details

Check Text ( C-69855r1_chk )
Review system documentation and discuss application operation with application administrator.

Identify application processes and application users.
Identify application components, e.g., application features framework and function. Identify server components, such as web server, database server.

Review application logs. Ensure the application event logs include an identifier or identifiers that will allow an investigator to determine the user or the application process responsible for the application event.

If the event logs do not include the appropriate identifier or identifiers, this is a finding.
Fix Text (F-75613r1_fix)
Configure the application to log the identity of the user and/or the process associated with the event.