UCF STIG Viewer Logo

The application server must capture, record, and log all content related to an administrative user session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35150 SRG-APP-000093-AS-000054 SV-46437r1_rule Low
Description
User sessions for an application server are in the context of server management only. The application server must be capable of enabling a setting for troubleshooting or debugging purposes which will log all administrative user session information related to server management.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43536r1_chk )
Review the AS configuration to determine if the AS captures/records and logs all content related to an administrator session. Have an administrator log into the server and make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes do not appear in the log, this is a finding.
Fix Text (F-39700r1_fix)
Configure the AS to capture/record and log all content related to an administrator session.