The application server must employ automated mechanisms for the auditing of enforcement actions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35222	SRG-APP-000130-AS-000090	SV-46509r1_rule		Medium

Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. When attempts are made to log in or make changes to the application server configuration or to the applications that reside on the application server, the application server must automatically log these actions for troubleshooting and forensic purposes.

Description

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. When attempts are made to log in or make changes to the application server configuration or to the applications that reside on the application server, the application server must automatically log these actions for troubleshooting and forensic purposes.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43594r1_chk )
Review the AS logs. Attempt to perform an action that is restricted by the AS, such as logging in, uploading an application, or making changes to the AS configuration. Verify the AS automatically makes an entry in the AS logs that documents the nature of the restricted activity. If the AS is not configured to meet this requirement, this is a finding.

Fix Text (F-39768r2_fix)
Configure the AS to automatically log all restricted activity.