Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35736 | SRG-APP-000030-AS-000022 | SV-47023r1_rule | | Medium |
Description |
---|
Atypical account usage is behavior that is not part of normal usage cycles, for example, user account activity occurring after hours or on weekends. Monitoring for atypical usage greatly reduces the risk that compromised user accounts will continue to be used by unauthorized persons and provides logging that can be used for forensic purposes. Application servers do not natively monitor for atypical account usage, so they must be able to log account usage and provide that data to enterprise tools that are designed to monitor for atypical account behavior. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-44079r1_chk) |
---|
Review the application server (AS) product documentation and configuration to determine if the AS is configured to log account usage and provide that log data in a standardized log format. If the AS is not configured to provide account usage logs in a standardized format for external tool consumption, this is a finding. |
Fix Text (F-40279r1_fix) |
---|
Configure the AS to log account usage and, if necessary, to forward log data to systems that will evaluate log data for atypical usage. |