Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16818 | APP3670 | SV-17818r1_rule | ECCD-2 | Medium |
Description |
---|
Without access control mechanisms in place, the data is not secure. The time and date display of data content change provides an indication that the data may have been accessed by unauthorized persons, and It may have been compromised, misused, or changed. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17817r1_chk ) |
---|
Ask the application representative to demonstrate how the application provides the users of time and date of the last change in data content. This may be demonstrated in application logs, audit logs, or database tables and logs. 1) If the application representative cannot demonstrate the above, this is a finding. |
Fix Text (F-17230r1_fix) |
---|
Implement transaction logs recording access and changes to the data. |