UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must provide a log reduction capability that supports on-demand reporting requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-57527 SRG-APP-000181-AS-000255 SV-71803r1_rule Medium
Description
The ability to generate on-demand reports, including after the log data has been subjected to log reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents. Log reduction is a process that manipulates collected log information and organizes such information in a summary format that is more meaningful to analysts. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as-needed) reports. To fully understand and investigate an incident within the components of the application server, the application server, when providing a reduction capability, must provide an on-demand reporting capability.
STIG Date
Application Server Security Requirements Guide 2014-12-12

Details

Check Text ( C-58235r1_chk )
Review application server product documentation and server configuration to determine if the application server provides a log reduction capability with on-demand report.

If the application server does not provide log reduction with on-demand reporting, this is a finding.
Fix Text (F-62595r1_fix)
Configure the application server to provide and utilize log reduction with on-demand reporting.