Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must protect audit data records and integrity by using cryptographic mechanisms.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35217 | SRG-APP-000126-AS-000085 | SV-46504r1_rule | Medium |
| Description |
|---|
| Protection of audit records and audit data is of critical importance. Encrypting audit records provides a level of protection that does not rely on host-based protections that can be accidentally misconfigured such as file system permissions. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data. An example of a cryptographic mechanism is the computation and application of a cryptographic-signed hash using asymmetric cryptography. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43589r1_chk ) |
|---|
| Review the AS documentation and configuration to determine if the AS can protect audit log data using cryptographic means. If the AS is not configured to encrypt and sign audit logs, this is a finding. |
| Fix Text (F-39763r1_fix) |
|---|
| Configure the AS to encrypt and sign audit logs. |