The application must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-26864 | SRG-APP-000100 | SV-34144r1_rule | Medium |
| Description |
|---|
| Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. |
| STIG | Date |
|---|---|
| Application Security Requirements Guide | 2011-12-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |