tc Server ALL must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-240770	VRAU-TC-000250	SV-240770r674422_rule		Medium

Description
Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to system administrators in their daily administrative duties on the hosted system or within the hosted applications. If the logging system begins to fail, events will not be recorded. Organizations must define logging failure events, at which time the application or the logging mechanism the application utilizes will provide a warning to the ISSO and SA at a minimum.

Description

Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to system administrators in their daily administrative duties on the hosted system or within the hosted applications. If the logging system begins to fail, events will not be recorded. Organizations must define logging failure events, at which time the application or the logging mechanism the application utilizes will provide a warning to the ISSO and SA at a minimum.

STIG	Date
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide	2021-06-23

Details

Check Text ( C-44003r674421_chk )
Interview the ISSO. Determine if log data and records are configured to alert the ISSO and SA in the event of processing failure. If log data and records are not configured to alert the ISSO and SA in the event of processing failure, this is a finding.

Fix Text (F-43962r674053_fix)
Configure the web server to provide an alert to the ISSO and SA when log processing failures occur. If the web server cannot generate alerts, utilize an external logging system that meets this criterion.