The application server must generate audit records for the DoD-selected list of auditable events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35143 | SRG-APP-000091-AS-000052 | SV-46430r1_rule | Low |
| Description |
|---|
| Audit records can be generated from various components within the application server. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (e.g., auditable events, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked). The DoD-required auditable events are events that assist in intrusion detection and forensic analysis. Failure to capture them increases the likelihood that an adversary can breach the system without detection. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43530r1_chk ) |
|---|
| Review product documentation and the system configuration to determine if the DoD-required auditable events are recorded. Required events include system startup and shutdown, successful and unsuccessful application deployment attempts, program execution, and integrity validation failures. Verify a reasonable subset of these events is captured in practice by examining the audit logs. If the audit logs do not include DoD-required auditable events, this is a finding. |
| Fix Text (F-39694r1_fix) |
|---|
| Configure the AS to generate audit records for the DoD-required auditable events. |