The application must provide a report generation capability that supports on-demand reporting requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-69469	APSC-DV-001190	SV-84091r1_rule		Medium

Description
The report generation capability must support on-demand reporting in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents. The report generation capability provided by the application must be capable of generating on-demand (i.e., customizable, ad-hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective. This requirement is specific to applications with report generation capabilities; however, applications need to support on-demand reporting requirements.

Description

The report generation capability must support on-demand reporting in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents. The report generation capability provided by the application must be capable of generating on-demand (i.e., customizable, ad-hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective. This requirement is specific to applications with report generation capabilities; however, applications need to support on-demand reporting requirements.

STIG	Date
Application Security and Development Security Technical Implementation Guide	2018-12-24

Details

Check Text ( C-69887r1_chk )
Review the application documentation and interview the application administrator for details regarding audit reduction (log record event filtering). Access the application with user rights sufficient to read and filter audit records. Navigate the application user interface and select the application functionality that provides access and interface to audit records and audit reduction (event filtering). If the application uses a centralized logging solution that provides immediate, customizable, ad-hoc report generation functions, the requirement is not applicable. Create an event report. Report data can be based on date ranges, times or events, or other criteria that could be used in an investigation. Use of data from previous checks for audit reduction is encouraged. Review the report and ensure the data in the report coincides with event filters used to create the report. If the application does not provide customizable, immediate, ad-hoc audit log reporting, this is a finding.

Check Text ( C-69887r1_chk )

Review the application documentation and interview the application administrator for details regarding audit reduction (log record event filtering).

Access the application with user rights sufficient to read and filter audit records.

Navigate the application user interface and select the application functionality that provides access and interface to audit records and audit reduction (event filtering).

If the application uses a centralized logging solution that provides immediate, customizable, ad-hoc report generation functions, the requirement is not applicable.

Create an event report. Report data can be based on date ranges, times or events, or other criteria that could be used in an investigation. Use of data from previous checks for audit reduction is encouraged.

Review the report and ensure the data in the report coincides with event filters used to create the report.

If the application does not provide customizable, immediate, ad-hoc audit log reporting, this is a finding.

Fix Text (F-75645r1_fix)
Design or configure the application to provide an on-demand report generation capability or utilize a centralized utility designed for the purpose of on-demand log management and reporting.