Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35150 | SRG-APP-000093-AS-000054 | SV-46437r3_rule | Medium |
Description |
---|
The application server must be capable of enabling a setting for troubleshooting or debugging purposes which will log all user session information specified by an authorized user. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2015-08-28 |
Check Text ( C-43536r2_chk ) |
---|
Review the application server documentation to determine if the application server can be configured to capture/record and log all content related to a user session. If the application server does not have the capability to allow an authorized user to capture, record, and log all content related to a user session, this is a finding. |
Fix Text (F-39700r2_fix) |
---|
Configure the application server to provide the capability for authorized users to capture, record, and log all content related to a user session. |