UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application supports the creation of transaction logs for access and changes to the data.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16816 APP3640 SV-17816r1_rule ECCD-2 Medium
Description
Without required logging and access control, security issues related to data changes will not be identified. This could lead to security compromises such as data misuse, unauthorized changes, or unauthorized access.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17815r1_chk )
Ask the application representative to login as an unprivileged user and demonstrate the application creates transaction logs for access and changes to the data. Verify transaction logs exist and the log records access and changes to the data. This check is in addition to the ECAR auditing requirements.

1) If the application representative cannot demonstrate the above, it is a finding.
Fix Text (F-17115r1_fix)
Implement transaction logs which records access, and changes, to the data.