UCF STIG Viewer Logo

The application server must have the capability to produce audit records on hardware-enforced, write-once media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35577 SRG-APP-000124-AS-NA SV-46864r1_rule Medium
Description
Applications are typically designed to incorporate their audit logs into the auditing sub-system hosted by the operating system. However, in some instances application developers may decide to forego the audit capabilities offered by the operating system and maintain application audit logs separately. The protection of audit records from unauthorized or accidental deletion or modification requires that information systems be able to produce audit records on hardware-enforced write-once media. Applications that do not write audit records to a resource (e.g., underlying OS or separate system) that is capable of producing audit records on hardware-enforced, write-once media must provide the capability to do so. This requirement is related to backup of records and not real-time creation of audit records. Examples of such hardware devices include, but are not limited to CD-R and DVD-R. This requirement is not applicable to an AS. It is applicable to a central audit management system.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43918r1_chk )
This requirement is NA for the AS SRG.
Fix Text (F-40333r1_fix)
The requirement is NA. No fix is required.