Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must capture, record, and log all content related to an administrative user session.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35150 | SRG-APP-000093-AS-000054 | SV-46437r1_rule | Low |
| Description |
|---|
| User sessions for an application server are in the context of server management only. The application server must be capable of enabling a setting for troubleshooting or debugging purposes which will log all administrative user session information related to server management. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43536r1_chk ) |
|---|
| Review the AS configuration to determine if the AS captures/records and logs all content related to an administrator session. Have an administrator log into the server and make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes do not appear in the log, this is a finding. |
| Fix Text (F-39700r1_fix) |
|---|
| Configure the AS to capture/record and log all content related to an administrator session. |