Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16816 | APP3640 | SV-17816r1_rule | ECCD-2 | Medium |
Description |
---|
Without required logging and access control, security issues related to data changes will not be identified. This could lead to security compromises such as data misuse, unauthorized changes, or unauthorized access. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text (C-17815r1_chk) |
---|
Ask the application representative to log in as an unprivileged user and demonstrate that the application creates transaction logs for access and changes to the data. Verify that transaction logs exist and that they record access and changes to the data. This check is in addition to the ECAR auditing requirements. 1) If the application representative cannot demonstrate the above, it is a finding. |
Fix Text (F-17115r1_fix) |
---|
Implement transaction logs that record access and changes to the data. |