Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35222 | SRG-APP-000130-AS-000090 | SV-46509r1_rule | Medium |
Description |
---|
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. When attempts are made to log in or make changes to the application server configuration or to the applications that reside on the application server, the application server must automatically log these actions for troubleshooting and forensic purposes. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text ( C-43594r1_chk ) |
---|
Review the AS logs. Attempt to perform an action that is restricted by the AS, such as logging in, uploading an application, or making changes to the AS configuration. Verify the AS automatically makes an entry in the AS logs that documents the nature of the restricted activity. If the AS is not configured to meet this requirement, this is a finding. |
Fix Text (F-39768r2_fix) |
---|
Configure the AS to automatically log all restricted activity. |