Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must provide a user role which designates which organizational personnel select auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35142 | SRG-APP-000090-AS-000051 | SV-46429r1_rule | Low |
| Description |
|---|
| Audit records can be generated from various components within the application server, (e.g. , httpd, beans, etc.) From an application perspective, certain specific application functionalities may be audited, as well. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (e.g., auditable events, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked). Application servers utilize role-based access controls in order to specify the individuals who are allowed to configure application component auditable events. The AS must be configured to select which personnel are assigned the role of selecting which auditable events are to be audited. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43529r1_chk ) |
|---|
| Review AS product documentation and configuration to determine if the system is configured to assign personnel to a role responsible for selecting auditable events. If the system is not configured to perform this function this is a finding. |
| Fix Text (F-39693r1_fix) |
|---|
| Configure the AS by assigning organizational personnel to the role which selects and controls auditable events on the AS. |