Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must use cryptographic mechanisms to protect the integrity of log information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35217 | SRG-APP-000126-AS-000085 | SV-46504r3_rule | Medium |
| Description |
|---|
| Protection of log records is of critical importance. Encrypting log records provides a level of protection that does not rely on host-based protections that can be accidentally misconfigured, such as file system permissions. Cryptographic mechanisms are the industry-established standard used to protect the integrity of log data. An example of a cryptographic mechanism is the computation and application of a cryptographic-signed hash using asymmetric cryptography. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2019-01-07 |
Details
| Check Text ( C-43589r2_chk ) |
|---|
| Review the application server documentation and configuration to determine if the application server can protect log data using cryptographic means. If the application server is not configured to encrypt and sign logs, this is a finding. |
| Fix Text (F-39763r2_fix) |
|---|
| Configure the application server to encrypt and sign logs. |