
When using centralized logging; the application must include a unique identifier in order to distinguish itself from other application logs.


Overview

Finding ID: V-69433
Version: APSC-DV-001000
Rule ID: SV-84055r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Without establishing the source, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In the case of centralized logging, or other instances where log files are consolidated, there is risk that the application's log data could be co-mingled with other log data. To address this issue, the application itself must be identified as well as the application host or client name. In order to compile an accurate risk assessment, and provide forensic analysis, it is essential for security personnel to know the source of the event, particularly in the case of centralized logging. Associating information about the source of the event within the application provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured application.
STIG: Application Security and Development Security Technical Implementation Guide
Date: 2018-12-24

Details

Check Text (C-69851r1_chk)
If the application is logging locally and does not utilize a centralized logging solution, this requirement is not applicable.

Review system documentation and identify log location. Access the application logs.

Review the application logs.

Ensure the application is uniquely identified either within the logs themselves or via log storage mechanisms.

Ensure the hosts or client names hosting the application are also identified. Either hostname or IP address is acceptable.

If the application name and the hosts or client names are not identified, this is a finding.
Fix Text (F-75609r1_fix)
Configure the application logs or the centralized log storage facility so the application name and the hosts hosting the application are uniquely identified in the logs.
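
One way to meet the fix text, shown as an added example that is not part of the STIG: a Python logging setup that stamps every event with the application name and host before it is forwarded, plus a check that flags consolidated log lines missing either field. The field names `app` and `host`, the JSON line format and the function names are assumptions, and the stream stands in for whatever handler ships events to the central store.

```python
import json
import logging
import socket


class SourceIdentityFilter(logging.Filter):
    """Stamp every record with the application name and its host."""

    def __init__(self, app_name, host=None):
        super().__init__()
        self.app_name = app_name
        self.host = host or socket.gethostname()

    def filter(self, record):
        record.app, record.host = self.app_name, self.host
        return True


class JsonFormatter(logging.Formatter):
    """One JSON object per line so the central store can index app and host."""

    def format(self, record):
        fields = {"time": self.formatTime(record), "app": record.app,
                  "host": record.host, "level": record.levelname,
                  "msg": record.getMessage()}
        return json.dumps(fields)


def build_logger(app_name, stream, host=None):
    """Return a logger whose handler adds source identity to every event."""
    handler = logging.StreamHandler(stream)  # stand-in for the forwarder
    handler.addFilter(SourceIdentityFilter(app_name, host))
    handler.setFormatter(JsonFormatter())
    logger = logging.getLogger(app_name)
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep events off unstamped root handlers
    return logger


def missing_identity(lines):
    """Return 1-based numbers of lines lacking an app name or a host."""
    bad = []
    for number, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except ValueError:  # not JSON, so no identity fields can be read
            event = None
        if not isinstance(event, dict) or not (event.get("app") and event.get("host")):
            bad.append(number)
    return bad
```

Running `missing_identity` over an export from the central store gives the line numbers a reviewer would record as findings under the check text.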