UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must employ automated mechanisms for the auditing of enforcement actions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35222 SRG-APP-000130-AS-000090 SV-46509r1_rule Medium
Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. When attempts are made to log in or make changes to the application server configuration or to the applications that reside on the application server, the application server must automatically log these actions for troubleshooting and forensic purposes.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43594r1_chk )
Review the AS logs. Attempt to perform an action that is restricted by the AS, such as logging in, uploading an application, or making changes to the AS configuration. Verify the AS automatically makes an entry in the AS logs that documents the nature of the restricted activity. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39768r2_fix)
Configure the AS to automatically log all restricted activity.