The application server must provide the capability for authorized users to capture, record, and log all content related to a user session.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35150 | SRG-APP-000093-AS-000054 | SV-46437r3_rule | Medium |
| Description |
|---|
| The application server must be capable of enabling a setting for troubleshooting or debugging purposes which will log all user session information specified by an authorized user. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2015-08-28 |
Details
| Check Text ( C-43536r2_chk ) |
|---|
| Review the application server documentation to determine if the application server can be configured to capture/record and log all content related to a user session. If the application server does not have the capability to allow an authorized user to capture, record, and log all content related to a user session, this is a finding. |
| Fix Text (F-39700r2_fix) |
|---|
| Configure the application server to provide the capability for authorized users to capture, record, and log all content related to a user session. |