The application server must track problems associated with information transfer.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35741 | SRG-APP-000061-AS-000027 | SV-47028r1_rule | Medium |
| Description |
|---|
| When an application transfers data, there is the chance an error or problem with the data transfer may occur. Applications need to track failures and any problems encountered when performing data transfers so problems can be identified and remediated. Some potential issues with a failed or problematic data transfer include: leaving sensitive data in a processing queue indefinitely, partial or incomplete data transfers, and corrupted data transfers. Tracking problems with data transfers also serves to create a forensic record that can be retained to assist in investigations regarding the flow of application data. The AS must provide a tracking capability that logs any issues or problems that are associated with message queue transfers or application deployments. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-44084r1_chk ) |
|---|
| Review the AS configuration to ensure the AS records a failure event in the server audit logs if an error is encountered during an application deployment or message transfer. If this function is not configured, this is a finding. |
| Fix Text (F-40284r1_fix) |
|---|
| Configure the AS to record an event in the server audit logs if any errors are encountered during information transfers. |