Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must provide a report generation capability for audit reduction data.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35196 | SRG-APP-000114-AS-000074 | SV-46483r1_rule | Medium |
| Description |
|---|
| In support of audit review, analysis, and reporting requirements, audit reduction is a technique used to reduce the volume of audit records in order to facilitate a manual review. In order to identify and report on what (repetitive) data has been removed via the use of audit reduction, the application server must provide a capability to generate reports containing what values were removed by the audit reduction. Audit reduction does not alter original audit records. An audit reduction capability provides support for near real-time audit review and analysis based on policy based requirements and after-the-fact investigations of security incidents. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43573r1_chk ) |
|---|
| Review the configuration settings to determine if the AS audit records can be used by a report generation capability. Review AS documentation and audit records. If the AS audit records cannot be used by a report generation capability, this is a finding. |
| Fix Text (F-39743r1_fix) |
|---|
| Configure the AS audit records to be used by a report generation capability. |