UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must automatically audit account modification.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35733 SRG-APP-000027-AS-000019 SV-47020r1_rule Medium
Description
Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Application servers have the capability to contain user information in a local user store or they can leverage a centralized authentication mechanism like LDAP. Either way, the mechanism used by the app server must automatically log when user accounts are modified.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-44076r1_chk )
Review the AS product documentation and configuration to determine if the AS automatically logs account modification. If the AS is not configured to perform this requirement itself or if it does not utilize an enterprise user registry that performs this requirement, this is a finding.
Fix Text (F-40276r1_fix)
Configure the AS to automatically log account modification, if the AS utilizes an enterprise user registry, configure the registry to automatically log account modification.