Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-57487 | SRG-APP-000353-AS-000235 | SV-71763r1_rule | Medium |
Description |
---|
Log records can be generated from various components within the application server. The list of logged events is the set of events for which logs are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating log records (i.e., logable events). Application server log events may include, but are not limited to, HTTP, Database, and XML parsing activity. The application server must be capable of allowing defined individuals or roles to change the logging to be performed on all application server components, based on all selectable event criteria during a defined time threshold. The time threshold can be defined by such events as a change in the threat environment. The ability to change logging parameters during the threat would allow important forensic information to be gathered during the time duration of the threat. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2014-12-12 |
Check Text ( C-58195r1_chk ) |
---|
Review the application server configuration to determine if the application server provides the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. If the application server cannot meet this requirement, this is a finding. |
Fix Text (F-62555r1_fix) |
---|
Configure the application server to provide the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. |